CVE-2021-33824

HIGH

Moxa Mgate Mb3180 Firmware - Denial of Service

Title source: rule

Description

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.

Exploits (1)

github WRITEUP 10 stars

by Jian-Xian · poc

https://github.com/Jian-Xian/CVE-POC/tree/master/CVE-2021-33824.md

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/shekyan/slowhttptest

View Writeup ZIP pw:eip

[Product, Vendor Advisory] https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series

[Exploit, Third Party Advisory] https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33824.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0065

EPSS Percentile 70.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Products (1)

moxa/mgate_mb3180_firmware 2.1 build_18113012

Published Jun 18, 2021

Tracked Since Feb 18, 2026