CVE-2021-33820

Опубликовано: 18 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

Ссылки

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33820.md
Exploit
Third Party Advisory
https://linuxhint.com/hping3/
Third Party Advisory
https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera
Product
Vendor Advisory
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33820.md
Exploit
Third Party Advisory
https://linuxhint.com/hping3/
Third Party Advisory
https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ui:camera_g3_flex_firmware:uvc.v4.30.0.67:*:*:*:*:*:*:*

cpe:2.3:h:ui:camera_g3_flex:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0056

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8vw7-3cp3-ph8j