CVE-2021-33823

Vulnerability

The vulnerability resides in the web service component of MOXA Mgate MB3180 firmware version 2.1 Build 18113012. The service does not rate-limit or adequately manage incoming TCP connections, allowing an attacker to exhaust system resources by sending a large volume of TCP SYN packets. The affected product is the MGate MB3180, part of the MB3180/MB3280/MB3480 series of Modbus TCP gateways [1].

Exploitation

An attacker with network access to the device can launch a remote, unauthenticated TCP SYN flood attack. Using a tool such as hping3, the attacker repeatedly sends SYN packets to the device's web service IP address. The attack does not require any authentication or user interaction [2].

Impact

Successful exploitation exhausts the web service's resources, preventing legitimate clients from accessing the web interface. The result is a denial of service (DoS) of the management web service. There is no indication of data disclosure, modification, or code execution; the impact is limited to service availability [1][2].

Mitigation

As of the available references, no fixed firmware version is disclosed. Users should monitor Moxa's security advisory page for updates. In the interim, network-level mitigations such as rate-limiting inbound SYN packets to the device or restricting access to the web interface via firewall rules can reduce exposure [1][2].