DahuaLoginBypass
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
Install / Use
/learn @bp2008/DahuaLoginBypassREADME
DahuaLoginBypass
Chrome extension that uses vulnerability CVE-2021-33044 to log in to Dahua IP cameras and VTH/VTO (video intercom) devices without authentication.
For other device types (NVR/DVR/XVR, etc), there exists CVE-2021-33045 which cannot be exploited with an ordinary web browser.
These vulnerabilities are likely to be fixed in firmware released after Sept 2021.
Credit for discovering the vulnerabilities: bashis
Installation
Download the .zip file from the releases section.
- Extract the folder from this zip somewhere.
- Go to chrome's extensions page (
chrome://extensions). - Enable the Developer mode option at the top right.
- Click Load unpacked and choose the DahuaLoginBypass folder you extracted.
Usage Instructions
Go to the login page of a Dahua IP camera and click the extension's icon ( 
) to the right of your address bar. This should add a panel with a new button for you to use:
Related Skills
node-connect
347.6kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
108.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
347.6kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
347.6kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
