CVE-2021-33823

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33823.md	Exploit Third Party Advisory
https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series	Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:moxa:mgate_mb3180_firmware:2.1:build_18113012:*:*:*:*:*:*

cpe:2.3:h:moxa:mgate_mb3180:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-18 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-33823

Mitre link : CVE-2021-33823

CVE.ORG link : CVE-2021-33823

JSON object : View

Products Affected

moxa

mgate_mb3180
mgate_mb3180_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-33823", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-06-18T20:15:07.767", "references": [{"url": "https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2021-33823.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series", "tags": ["Product", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service."}, {"lang": "es", "value": "Se ha detectado un problema en MOXA Mgate MB3180 Versi\u00f3n 2.1 Build 18113012. Un atacante podr\u00eda enviar una gran cantidad de paquetes TCP SYN para hacer que los recursos del servicio web sean agotados. Entonces el servidor web sufre una denegaci\u00f3n de servicio"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:mgate_mb3180_firmware:2.1:build_18113012:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "710B345C-073A-4294-9EF9-C4C30D266513"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:mgate_mb3180:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF77C838-FB6C-4A55-B5E5-FA4DDE11F3BA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}