Dahua cameras are prone to two authentication bypass vulnerabilities, and proof-of-concept (PoC) exploit code for two of the bugs are now publicly available.

The authentication bypass flaws are tracked as CVE-2021-33044 and CVE-2021-33045, and are both remotely exploitable during the login process by sending specially crafted data packets to the target device.

Dahua’s security advisory urges owners of vulnerable models to upgrade their firmware – dahuasecurity.com.

Source: bleepingcomputer.com