CVE-2021-33824 — Uncontrolled Resource Consumption in Mgate Mb3180 Firmware

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moxa Mgate Mb3180 Firmware

Timeline

PublishedJun 18

Latest updateMay 24

Description

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDmoxa/mgate_mb3180_firmware2.1

🔴Vulnerability Details

GHSA

GHSA-25hf-m67j-23hc: An issue was discovered on MOXA Mgate MB3180 Version 2↗2022-05-24

▶

CVEList

CVE-2021-33824: An issue was discovered on MOXA Mgate MB3180 Version 2↗2021-06-18

▶