CVE-2021-33824

Опубликовано: 18 июн. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Ссылки

https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
Exploit
Third Party Advisory
https://github.com/shekyan/slowhttptest
Third Party Advisory
https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
Product
Vendor Advisory
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
Exploit
Third Party Advisory
https://github.com/shekyan/slowhttptest
Third Party Advisory
https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:moxa:mgate_mb3180_firmware:2.1:build_18113012:*:*:*:*:*:*

cpe:2.3:h:moxa:mgate_mb3180:-:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00645

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-25hf-m67j-23hc

github

около 3 лет назад