Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-33818


An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.


Published

2021-06-18T19:15:07.497

Last Modified

2024-11-21T06:09:37.593

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-400

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System ui camera_g3_flex_firmware uvc.v4.30.0.67 Yes
Hardware ui camera_g3_flex - No

References