Vulnerability Details : CVE-2021-33822
Potential exploit
An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which makes the server keep waiting for the packets that would complete each connection until its resources are exhausted. The web server then suffers a denial of service.
Vulnerability category: Denial of service
Products affected by CVE-2021-33822
- cpe:2.3:o:sing4g:4gee_router_hh70vb_firmware:hh70_e1_02.00_22:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33822
- 0.56%: Probability of exploitation activity in the next 30 days
- ~66%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-33822
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-33822
- The product does not properly control the allocation and maintenance of a limited resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-33822
- https://github.com/shekyan/slowhttptest
  GitHub - shekyan/slowhttptest: Application Layer DoS attack simulator (Third Party Advisory)
- https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33822.md
  CVE-POC/CVE-2021-33822.md at master · Jian-Xian/CVE-POC · GitHub (Exploit; Third Party Advisory)
- https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifi
  4GEE ROUTER HH70VB (4G 300Mbps 2LAN 32WIFI ) | sing4g (Product; Vendor Advisory)