CVE-2021-33818
[Discoverer]
*Jian Xian Li, *Hao Hsiang Lin, Guan Yu Lai
Telecom Technology Center
(TTC is an experienced cybersecurity professional team. It helps companies to improve their security posture, and increase the confidence in implementing, and assessing the right security controls and vulnerabilities of network-connectable consumer/medical/industrial products.)
[Description]
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
[Attack Type]
Remote
[Product]
UniFi Protect G3 FLEX Camera
[Version]
UVC.v4.30.0.67
UniFi Protect G3 FLEX Camera devices vulnerability
Demonstration
Normally, UniFi Protect G3 Flex Camera’s web login screensh ot is like this. As shown below:
By using slowhttptest tool to attack to UniFi Protect G3 Flex Camera ’s web server, keep it waiting for response until its resource exhausted, therefore achieves Slow HTTP DoS Attack. As shown below:
If attack cause web server out of service successfully, option service available will show text NO with red color. As shown below:
It could not be accessed when attack success. As shown below:
Reference(s)
https://github.com/shekyan/slowhttptest
https://store.ui.com/collections/unifi-protect-cameras/products/unifi-video-g3-flex-camera



