Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

CVE-2021-33823

[Discoverer]

*Jian Xian Li, *Hao Hsiang Lin, Guan Yu Lai

Telecom Technology Center

(TTC is an experienced cybersecurity professional team. It helps companies to improve their security posture, and increase the confidence in implementing, and assessing the right security controls and vulnerabilities of network-connectable consumer/medical/industrial products.)

[Description]

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.

[Attack Type]

Remote

[Product]

MOXA Mgate MB3180

[Version]

2.1 Build 18113012

UniFi Protect G3 FLEX Camera devices vulnerability

Demonstration

Normally, MOXA Mgate MB3180 ’s web login screenshot is like this. As shown below:

By using hping3 tool to attack to MOXA Mgate MB3180 ’s web server, through send SYN packets repeat ed ly. Making MOXA Mgate MB3180 s web services resource exhaust ed. If attack cause web server out of service successfu lly As shown below:

It makes clients unable to access the web service when the attack was success ful As shown below:

It could be found on wireshark by capturing packets that web service will not be able to provide service normally when client send request to MOX A Mgate MB3180. As shown below:

Reference(s)

https://linuxhint.com/hping3/

https://www.moxa.com/en/products/industrial-edge-connectivity/protocol-gateways/modbus-tcp-gateways/mgate-mb3180-mb3280-mb3480-series

Moxa Security advisory

https://www.moxa.com/en/support/product-support/security-advisory/mgate-mb3180-3280-3480-protocol-gateways-vulnerabilities