CVE-2021-33822

Published: Jun 18, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Affected (1)

Products: Sing4g: 4gee Router Hh70vb Firmware

1 product

4gee Router Hh70vb Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sing4g 4gee Router Hh70vb Firmware	Version hh70_e1_02.00_22

Running on/with	Platform Versions
Sing4g 4gee Router Hh70vb	All versions

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33822.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: cve@mitre.org

Third Party Advisory

https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifi

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33822.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifi

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.