Chrome extension that uses vulnerability CVE-2021-33044 to log in to Dahua IP cameras and VTH/VTO (video intercom) devices without authentication.
For other device types (NVR/DVR/XVR, etc), there exists CVE-2021-33045 which cannot be exploited with an ordinary web browser.
These vulnerabilities are likely to be fixed in firmware released after Sept 2021.
Credit for discovering the vulnerabilities: bashis
Chrom extension by: bp2008
.zip file from the releases section.
- Extract the folder from this zip somewhere.
- Go to chrome’s extensions page (
- Enable the Developer mode option at the top right.
- Click Load unpacked and choose the DahuaLoginBypass folder you extracted.
Go to the login page of a Dahua IP camera and click the extension’s icon ( key) to the right of your address bar. This should add a panel with a new button for you to use: