qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/DaHua-Login-Bypass-(CVE-202...

65 lines
4.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "DaHua Login Bypass (CVE-2021-33044)",
"Description": "<p>SD, TPC, VTO, and IPC are video products under the umbrella of Dahua.</p><p>The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.</p>",
"Product": "Dahua",
"Homepage": "https://www.dahuasecurity.com/",
"DisclosureDate": "2021-10-06",
"Author": "1291904552@qq.com",
"FofaQuery": "title==\"WEB SERVICE\" && (body=\"IPC\" || body=\"VTO\" || body=\"VTH\")",
"GobyQuery": "title==\"WEB SERVICE\" && (body=\"IPC\" || body=\"VTO\" || body=\"VTH\")",
"Level": "3",
"Impact": "<p>The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.dahuasecurity.com/support/cybersecurity/details/957\">https://www.dahuasecurity.com/support/cybersecurity/details/957</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. Upgrade the Apache system version.</p>",
"Translation": {
"CN": {
"Name": "大华视频部分产品存在登录绕过漏洞CVE-2021-33044",
"VulType": ["登录绕过"],
"Tags": ["登录绕过"],
"Description": "<p>SD, TPC, VTO, IPC是大华旗下的视频系列产品。</p><p>在登录过程中发现的身份认证绕过漏洞。攻击者可以通过构造恶意数据包来绕过设备身份验证,获取系统敏感配置和信息。</p>",
"Impact": "<p>在登录过程中发现的身份认证绕过漏洞。攻击者可以通过构造恶意数据包来绕过设备身份验证,获取系统敏感配置和信息。</p>",
"Product": "大华",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.dahuasecurity.com/support/cybersecurity/details/957\">https://www.dahuasecurity.com/support/cybersecurity/details/957</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、升级Apache系统版本。</p>"
},
"EN": {
"Name": "DaHua Login Bypass (CVE-2021-33044)",
"VulType": ["login-bypass"],
"Tags": ["login-bypass"],
"Description": "<p>SD, TPC, VTO, and IPC are video products under the umbrella of Dahua.</p><p>The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.</p>",
"Impact": "<p>The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.</p>",
"Product": "Dahua",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.dahuasecurity.com/support/cybersecurity/details/957\">https://www.dahuasecurity.com/support/cybersecurity/details/957</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.Upgrade the Apache system version.</p>"
}
},
"References": [
"https://www.dahuasecurity.com/support/cybersecurity/details/957"
],
"HasExp": true,
"ExpParams": [
{
"name": "method",
"type": "createSelect",
"value": "configManager.getMemberNames,configManager.getConfig"
},
{
"name": "params",
"type": "createSelect",
"value": ",device,RemoteDevice"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"login-bypass"
],
"VulType": ["login-bypass"],
"CVEIDs": ["CVE-2021-33044"],
"CVSSScore": "9.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Dahua"]
}
}
Reference in New Issue View Git Blame Copy Permalink