CVE-2021-33824

Published: Jun 18, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Affected (1)

Products: Moxa: Mgate Mb3180 Firmware

1 product

Mgate Mb3180 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Moxa Mgate Mb3180 Firmware	Version 2.1 build_18113012

Running on/with	Platform Versions
Moxa Mgate Mb3180	All versions

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: cve@mitre.org

Third Party Advisory

https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/shekyan/slowhttptest

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.