CVE-2022-40224

CVSS 5.3 MEDIUM | EPSS 64.7% | CWE-410
In short

A flaw in Moxa SDS-3008 switches allows an attacker to crash the web server by sending a specially crafted HTTP request header. This can temporarily disable access to the device's management interface.

Technical detail

The vulnerability exists in the HTTP message parsing logic of the web server in Moxa SDS-3008 Series firmware 2.1. A malformed HTTP header can trigger a denial-of-service condition. To exploit it, an attacker needs network access to the device's web interface (CWE-410: Improper Restriction of Rendered UI Layers or Frames).

Summary generated and translated by AI from the official description.
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
