← back
CVE-2022-40691

CVE-2022-40691

CVSS 5.3 MEDIUMEPSS 1.5%CWE-200
In short

The Moxa SDS-3008 Series switch exposes sensitive information through specially-crafted HTTP requests. An attacker can retrieve this data without proper authentication or authorization.

Technical detail

An information disclosure vulnerability in the web application of Moxa SDS-3008 Series (v2.1) allows an unauthenticated attacker to craft specific HTTP requests that bypass access controls and leak sensitive information. The vulnerability requires network access to the web interface but no credentials, potentially exposing configuration, credentials, or operational data.

Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Moxa · SDS-3008 Series Industrial Ethernet Switch

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1621https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilitieshttps://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1621