CVE-2021-33818

Published: Jun 18, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Affected (1)

Products: Ui: Camera G3 Flex Firmware

1 product

Camera G3 Flex Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ui Camera G3 Flex Firmware	Version uvc.v4.30.0.67

Running on/with	Platform Versions
Ui Camera G3 Flex	All versions

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: cve@mitre.org

Third Party Advisory

https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.