Vulnerability Details CVE-2021-33824
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
- https://github.com/shekyan/slowhttptest
- https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
- https://github.com/shekyan/slowhttptest
- https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
Products affected by CVE-2021-33824
-
cpe:2.3:h:moxa:mgate_mb3180:-
-
cpe:2.3:o:moxa:mgate_mb3180_firmware:2.1