CVE-2021-33824

HIGH

MOXA Mgate MB3180 2.1 Build 18113012 - Denial of Service via Incomplete HTTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-33824. PoCs published by Jian-Xian.

AI-analyzed exploit summary This repository provides a detailed technical writeup on CVE-2021-33824, a Slow HTTP DoS vulnerability affecting MOXA Mgate MB3180 devices. It includes descriptions, attack demonstrations, and references to tools like slowhttptest.

Description

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Exploits (1)

github WRITEUP 10 stars
by Jian-Xian · poc
https://github.com/Jian-Xian/CVE-POC/tree/master/CVE-2021-33824.md

This repository provides a detailed technical writeup on CVE-2021-33824, a Slow HTTP DoS vulnerability affecting MOXA Mgate MB3180 devices. It includes descriptions, attack demonstrations, and references to tools like slowhttptest.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: MOXA Mgate MB3180 Version 2.1 Build 18113012
No auth needed
Prerequisites: slowhttptest tool · network access to the target device
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0223
EPSS Percentile 80.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (1)
moxa/mgate_mb3180_firmware 2.1 build_18113012
Published Jun 18, 2021
Tracked Since Feb 18, 2026