Vulnerability Description
An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sing4G | 4Gee Router Hh70Vb Firmware | hh70_e1_02.00_22 |
| Sing4G | 4Gee Router Hh70Vb | - |
Related Weaknesses (CWE)
References
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33822.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifiProductVendor Advisory
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33822.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifiProductVendor Advisory
FAQ
What is CVE-2021-33822?
CVE-2021-33822 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to fini...
How severe is CVE-2021-33822?
CVE-2021-33822 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33822?
Check the references section above for vendor advisories and patch information. Affected products include: Sing4G 4Gee Router Hh70Vb Firmware, Sing4G 4Gee Router Hh70Vb.