Awesome

DahuaLoginBypass

Chrome extension that uses vulnerability CVE-2021-33044 to log in to Dahua IP cameras and VTH/VTO (video intercom) devices without authentication.

For other device types (NVR/DVR/XVR, etc), there exists CVE-2021-33045 which cannot be exploited with an ordinary web browser.

These vulnerabilities are likely to be fixed in firmware released after Sept 2021.

Credit for discovering the vulnerabilities: bashis

Installation

Download the .zip file from the releases section.

1. Extract the folder from this zip somewhere.
2. Go to chrome's extensions page ( chrome://extensions ).
3. Enable the Developer mode option at the top right.
4. Click Load unpacked and choose the DahuaLoginBypass folder you extracted.

Usage Instructions

Go to the login page of a Dahua IP camera and click the extension's icon ( ) to the right of your address bar. This should add a panel with a new button for you to use: