PT-2021-20335 · Ee · 4Gee Router Hh70Vb

Guan Yu Lai +2
Published: 2021-06-18 · Updated: 2021-06-24 · CVE-2021-33822
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: 4GEE ROUTER HH70VB version HH70 E1 02.00 22
Description: An issue allows attackers to send incomplete HTTP requests using tools like slowhttptest. The server keeps each connection open while it waits for the rest of the request, until its resources are exhausted, resulting in a denial of service.
Recommendations: For version HH70 E1 02.00 22, consider restricting access to the web server or implementing rate limiting to minimize the risk of exploitation. As a temporary workaround, restrict HTTP requests that can cause the server to wait indefinitely for the request to complete.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-33822

Affected Products

4Gee Router Hh70Vb