CVE-2021-33824

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
moxamgate_mb3180_firmware
2.1:build_18113012
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
https://github.com/shekyan/slowhttptest
https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md
https://github.com/shekyan/slowhttptest
https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series