Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Vulnerabilities in Dahua's Cameras
Alerts

Vulnerabilities in Dahua's Cameras

8 October 2021

Dahua has released firmware updates to address two security vulnerabilities (CVE-2021-33044 and CVE-2021-33045) in their cameras. These vulnerabilities could allow attackers to bypass authentication and gain control of the camera and its video feed.

The list of affected models is extensive and covers many of Dahua's cameras:

  • HUM7XXX, HX3XXX, HX5XXX

  • NVR1XXX, NVR2XXX, NVR4XXX, NVR5XXX, NVR6XX

  • SD1A1, SD22, SD49, SD50, SD52C, SD6AL

  • TPC-BF1241, TPC-BF2221, TPC-BF5XXX, TPC-PT8X21B, TPC-SD2221, TPC-SD8X21

  • VTH542XH, VTO65XXX, VTO75X95X,

  • XVR4xxx, XVR5xxx, XVR7xxx

Please refer to Dahua's security advisory [1] for the list of affected versions.

Users of Dahua cameras are advised to:

  1. Immediately upgrade to the latest available firmware version

  2. Change the device's default password to a strong password

More information is available here:

[1] https://www.dahuasecurity.com/support/cybersecurity/details/957

[2] https://www.bleepingcomputer.com/news/security/unpatched-dahua-cams-vulnerable-to-unauthenticated-remote-access/

Back to top