CVE-2021-33818

HIGH

UniFi Protect G3 FLEX Camera UVC.v4.30.0.67 - Denial of Service via Incomplete HTTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-33818. PoCs published by Jian-Xian.

AI-analyzed exploit summary This repository provides a detailed technical writeup on CVE-2021-33818, a Slow HTTP DoS vulnerability affecting UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. It includes a description of the attack mechanism, demonstration screenshots, and references to tools like slowhttptest.

Description

An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Exploits (1)

github WRITEUP 10 stars
by Jian-Xian · poc
https://github.com/Jian-Xian/CVE-POC/tree/master/CVE-2021-33818.md

This repository provides a detailed technical writeup on CVE-2021-33818, a Slow HTTP DoS vulnerability affecting UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. It includes a description of the attack mechanism, demonstration screenshots, and references to tools like slowhttptest.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: UniFi Protect G3 FLEX Camera UVC.v4.30.0.67
No auth needed
Prerequisites: Access to the target device's web server · slowhttptest tool
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0193
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (1)
ui/camera_g3_flex_firmware uvc.v4.30.0.67
Published Jun 18, 2021
Tracked Since Feb 18, 2026