{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-33046", "ASSIGNER": "cybersecurity@dahuatech.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "n/a", "product": { "product_data": [ { "product_name": "Access control vulnerability found in some Dahua products", "version": { "version_data": [ { "version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX" }, { "version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL" }, { "version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221" }, { "version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX" }, { "version_value": "XVR devices XVR4XXX, and XVR5XXX" }, { "version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7." } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Access control" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957", "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957" }, { "refsource": "CONFIRM", "name": "https://www.dahuasecurity.com/support/cybersecurity/details/987", "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987" }, { "refsource": "CONFIRM", "name": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95", "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords." } ] } }