Vulnerability Details CVE-2021-33818
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md
- https://github.com/shekyan/slowhttptest
- https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md
- https://github.com/shekyan/slowhttptest
- https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera
Products affected by CVE-2021-33818
-
cpe:2.3:h:ui:camera_g3_flex:-
-
cpe:2.3:o:ui:camera_g3_flex_firmware:uvc.v4.30.0.67