Jian Xian Li

Name of the Vulnerable Software and Affected Versions: UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67 Description: An issue was discovered in the UniFi Protect G3 FLEX Camera, where attackers can use the slowhttptest tool to send incomplete HTTP requests. This could make the server keep waiting for the packet to finish the connection until its resources are exhausted, resulting in a denial-of-service. Recommendations: For UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67, consider restricting access to the web server to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the number of concurrent connections to the server may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67 Description: An issue was discovered where an attacker could send a large amount of TCP SYN packets to exhaust the web service's resources, resulting in a denial-of-service. Recommendations: For UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67, consider restricting access to the web server to minimize the risk of exploitation. As a temporary workaround, implement rate limiting on TCP SYN packets to prevent resource exhaustion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 4GEE ROUTER HH70VB version HH70 E1 02.00 22 Description: An issue allows attackers to send incomplete HTTP requests using tools like slowhttptest, causing the server to wait for the packet to finish the connection until its resources are exhausted, resulting in a denial-of-service. Recommendations: For version HH70 E1 02.00 22, consider restricting access to the web server or implementing rate limiting to minimize the risk of exploitation. As a temporary workaround, restrict the use of HTTP requests that can cause the server to wait indefinitely for a packet to finish the connection.

Name of the Vulnerable Software and Affected Versions: MOXA Mgate MB3180 version 2.1 Build 18113012 Description: An issue was discovered where an attacker could send a huge amount of TCP SYN packets to exhaust the web service's resources, resulting in a denial-of-service. Recommendations: For MOXA Mgate MB3180 version 2.1 Build 18113012, consider implementing rate limiting on incoming TCP SYN packets to prevent resource exhaustion. As a temporary workaround, restrict access to the web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MOXA Mgate MB3180 version 2.1 Build 18113012 Description: An issue allows attackers to send incomplete HTTP requests using the slowhttptest tool, causing the server to wait for the packet to finish the connection until its resources are exhausted, resulting in a denial-of-service. Recommendations: For MOXA Mgate MB3180 version 2.1 Build 18113012, consider implementing measures to handle incomplete HTTP requests, such as setting timeouts for connection closure or limiting the number of concurrent connections, until a patch is available. As a temporary workaround, restrict access to the web server to minimize the risk of exploitation.