PT-2021-20332 · Ubiquiti · Unifi Protect G3 Flex Camera

Guan Yu Lai +2
Published: 2021-06-18 · Updated: 2021-06-24 · CVE-2021-33818
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67
Description: An issue was discovered in the UniFi Protect G3 FLEX Camera, where attackers can use the slowhttptest tool to send incomplete HTTP requests. The server keeps each connection open while it waits for the rest of the request, until its resources are exhausted, resulting in a denial of service.
Recommendations: For UniFi Protect G3 FLEX Camera version UVC.v4.30.0.67, consider restricting access to the web server to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the number of concurrent connections to the server may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
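
An added example, not part of the original advisory or any vendor code: a monitoring check for the condition described above, flagging sources that hold many connections open without ever finishing their HTTP request headers. It assumes a connection snapshot is available from a proxy or monitoring agent in front of the camera; the Conn record, the thresholds and the sample addresses are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

HEADER_DEADLINE = 10.0    # assumed: seconds a client gets to finish its request headers
MAX_STALLED_PER_SRC = 5   # assumed: stalled connections tolerated per source address


@dataclass
class Conn:               # hypothetical record, e.g. exported by a proxy in front of the camera
    src: str              # client IP address
    opened: float         # time the TCP connection was accepted (epoch seconds)
    received: bytes       # bytes read from the client so far


def headers_complete(buf: bytes) -> bool:
    """An HTTP/1.x request header block is terminated by an empty line."""
    return b"\r\n\r\n" in buf


def stalled_sources(conns, now):
    """Return {src: count} for sources over the limit of stalled connections."""
    stalled = Counter(
        c.src for c in conns
        if not headers_complete(c.received) and now - c.opened > HEADER_DEADLINE
    )
    return {src: n for src, n in stalled.items() if n > MAX_STALLED_PER_SRC}


def sample_snapshot():
    """Constructed sample: one source trickling headers, two ordinary clients."""
    partial = b"GET / HTTP/1.1\r\nHost: camera\r\nX-a: b\r\n"   # no terminating blank line
    full = b"GET / HTTP/1.1\r\nHost: camera\r\n\r\n"
    conns = [Conn("192.0.2.10", 1000.0 + i, partial) for i in range(8)]
    conns.append(Conn("198.51.100.7", 1001.0, full))      # finished request, long-lived
    conns.append(Conn("198.51.100.9", 1055.0, partial))   # slow but still within deadline
    return conns


if __name__ == "__main__":
    for src, n in stalled_sources(sample_snapshot(), now=1060.0).items():
        print(f"{src}: {n} connections with unfinished headers past the deadline")
```

Counting only connections that are both incomplete and past the deadline keeps ordinary slow clients and long-lived completed requests out of the alert.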

Exploit

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-33818

Affected Products

Unifi Protect G3 Flex Camera