Closed UNC1739 closed 1 week ago
I'm not seeing any nuclei templates in the upstream nuclei-templates repository which cover this particular CVE. It looks like there are public exploits available for this issue:
There is a nuclei template for a related vulnerability CVE-2021-33044. I think both of these issues were fixed within the same patch-set:
There is a technical writeup on this issue available here:
https://packetstormsecurity.com/files/download/164423/dahua-bypass.txt
I'm not terribly worried about this one since from the writeup it looks like CVE-2021-33045 is a slight variant on CVE-2021-33044 and they were likely both fixed in the same patch. However, the writeup for CVE-2021-33044 says that it impacts "Those devices who do not support "NetKeyboard" functionality (older than June 2021)", so there might be some edge cases where the device is impacted by CVE-2021-33045, but not CVE-2021-33044.
CVE ID: CVE-2021-33045
Vendor/Project: Dahua
Product: IP Camera Firmware
Vulnerability Name: Dahua IP Camera Authentication Bypass Vulnerability
Date Added: 2024-08-21
Short Description: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2024-09-11
Known Ransomware Use: Unknown
Notes: https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582