CVE-2021-33044 PoC — Dahua IPC Authorization Issue Vulnerability

Source
Associated Vulnerability
Title: Dahua IPC Authorization Issue Vulnerability (CVE-2021-33044)
Description: An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Description
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
Readme
# DahuaLoginBypass
Chrome extension that uses vulnerability [CVE-2021-33044](https://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html) to log in to Dahua IP cameras and VTH/VTO (video intercom) devices without authentication.

For other device types (NVR/DVR/XVR, etc.), there exists [CVE-2021-33045](https://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html), which cannot be exploited with an ordinary web browser.

These vulnerabilities are likely to be fixed in firmware released after Sept 2021.

Credit for discovering the vulnerabilities: [bashis](https://github.com/mcw0)

## Installation

Download the `.zip` file from the [releases section](https://github.com/bp2008/DahuaLoginBypass/releases).

1. Extract the folder from this zip somewhere.
2. Go to Chrome's extensions page ( `chrome://extensions` ).
3. Enable the **Developer mode** option at the top right.
4. Click **Load unpacked** and choose the DahuaLoginBypass folder you extracted.

## Usage Instructions

Go to the login page of a Dahua IP camera and click the extension's icon ( ![image](https://user-images.githubusercontent.com/5639911/136862312-eaa5845f-2ed7-4d3c-8575-431b2f46ef87.png) ) to the right of your address bar.  This should add a panel with a new button for you to use:

![image](https://user-images.githubusercontent.com/5639911/137221417-ef9fe775-44c1-4517-919f-902f3ba3eda1.png)

File Snapshot

[4.0K] /data/pocs/5fd195922f929b39d4ede26dd0e72162e58b15f8
├── [4.5K] background.js
├── [4.0K] DahuaLoginBypass 1.0
│   ├── [4.7K] background.js
│   ├── [ 666] icon128.png
│   ├── [ 234] icon32.png
│   ├── [ 300] icon48.png
│   └── [ 455] manifest.json
├── [3.8K] DahuaLoginBypass 1.0.zip
├── [4.0K] DahuaLoginBypass v2
│   ├── [6.1K] background.js
│   ├── [ 666] icon128.png
│   ├── [ 234] icon32.png
│   ├── [ 300] icon48.png
│   └── [ 455] manifest.json
├── [4.2K] DahuaLoginBypass v2.zip
├── [4.0K] DahuaLoginBypass v3
│   ├── [6.2K] background.js
│   ├── [ 666] icon128.png
│   ├── [ 234] icon32.png
│   ├── [ 300] icon48.png
│   └── [ 455] manifest.json
├── [4.2K] DahuaLoginBypass v3.zip
├── [4.0K] DahuaLoginBypass v4
│   ├── [4.5K] background.js
│   ├── [ 666] icon128.png
│   ├── [ 234] icon32.png
│   ├── [ 300] icon48.png
│   └── [ 455] manifest.json
├── [4.2K] DahuaLoginBypass v4.zip
├── [ 666] icon128.png
├── [ 234] icon32.png
├── [ 300] icon48.png
├── [ 34K] LICENSE
├── [ 455] manifest.json
├── [4.0K] misc
│   ├── [4.4K] dahua-bypass.txt
│   ├── [6.4K] extra.js
│   ├── [2.0K] key_black_24dp.svg
│   ├── [ 199] popup.html
│   └── [2.5K] popup.js
└── [1.4K] README.md

5 directories, 36 files