CVE-2021-33818

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Common Weakness Enumeration
References
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md
https://github.com/shekyan/slowhttptest
https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md
https://github.com/shekyan/slowhttptest
https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera