Resource exhaustion in Moxa Mgate_mb3180
CVE-2021-33824
An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.022 (80.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Moxa Mgate_mb3180
- Moxa Mgate_mb3180_firmware — versions 2.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (Product, x_refsource_MISC, Vendor Advisory)
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-33824?
- CVE-2021-33824 is a high-severity vulnerability in Moxa Mgate_mb3180, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2021-06-18.
- How severe is CVE-2021-33824?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2021-33824 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.