PT-2021-20337 · Moxa · Moxa Mgate Mb3180

Guan Yu Lai +2 · Published 2021-06-18 · Updated 2021-06-24 · CVE-2021-33824

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MOXA Mgate MB3180 version 2.1 Build 18113012
Description: An issue allows attackers to send incomplete HTTP requests using the slowhttptest tool. The server keeps each connection open while it waits for the request to complete, until its resources are exhausted, resulting in a denial of service.
Recommendations: For MOXA Mgate MB3180 version 2.1 Build 18113012, consider implementing measures to handle incomplete HTTP requests, such as setting timeouts for connection closure or limiting the number of concurrent connections, until a patch is available. As a temporary workaround, restrict access to the web server to minimize the risk of exploitation.

Exploit

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2021-33824

Affected Products: Moxa Mgate Mb3180