CVE-2021-33818

HIGH

UI Camera G3 Flex Firmware - Denial of Service

Title source: rule

Description

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Exploits (1)

github WRITEUP 10 stars

by Jian-Xian · poc

https://github.com/Jian-Xian/CVE-POC/tree/master/CVE-2021-33818.md

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/shekyan/slowhttptest

View Writeup ZIP pw:eip

[Product, Vendor Advisory] https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera

[Exploit, Third Party Advisory] https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33818.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0056

EPSS Percentile 68.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (1)

ui/camera_g3_flex_firmware uvc.v4.30.0.67

Published Jun 18, 2021

Tracked Since Feb 18, 2026