CVE-2021-33818
Summary
| CVE | CVE-2021-33818 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-18 19:15:00 UTC |
| Updated | 2021-06-24 20:00:00 UTC |
| Description | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ui | Camera G3 Flex | - | All | All | All |
| Hardware | Ui | Camera G3 Flex Camera | - | All | All | All |
| Operating System | Ui | Camera G3 Flex Firmware | uvc.v4.30.0.67 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| UniFi Protect G3 FLEX Camera – Ubiquiti Inc. | MISC | store.ui.com | |
| GitHub - shekyan/slowhttptest: Application Layer DoS attack simulator | MISC | github.com | |
| CVE-POC/CVE-2021-33818.md at master · Jian-Xian/CVE-POC · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.