Vulnerability Description
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moxa | Mgate Mb3180 Firmware | 2.1 |
| Moxa | Mgate Mb3180 | - |
Related Weaknesses (CWE)
References
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ProductVendor Advisory
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.mdExploitThird Party Advisory
- https://github.com/shekyan/slowhttptestThird Party Advisory
- https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/ProductVendor Advisory
FAQ
What is CVE-2021-33824?
CVE-2021-33824 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to fin...
How severe is CVE-2021-33824?
CVE-2021-33824 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33824?
Check the references section above for vendor advisories and patch information. Affected products include: Moxa Mgate Mb3180 Firmware, Moxa Mgate Mb3180.