Vulnerability Description
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Camera G3 Flex Firmware | uvc.v4.30.0.67 |
| Ui | Camera G3 Flex | - |
Related Weaknesses (CWE)
References
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-fProductVendor Advisory
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-fProductVendor Advisory
FAQ
What is CVE-2021-33818?
CVE-2021-33818 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet...
How severe is CVE-2021-33818?
CVE-2021-33818 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33818?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Camera G3 Flex Firmware, Ui Camera G3 Flex.