First published: Tue Feb 07 2023(Updated: )
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moxa Sds-3008 Firmware | <=2.1 | |
Moxa SDS-3008 | ||
Moxa Sds-3008-t Firmware | <=2.1 | |
Moxa Sds-3008-t |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-40691 is an information disclosure vulnerability in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1.
CVE-2022-40691 allows an attacker to send a specially-crafted HTTP request that can lead to a disclosure of sensitive information on the switch.
CVE-2022-40691 has a severity rating of 5.3, which is considered medium.
To fix CVE-2022-40691, it is recommended to update to a patched version of Moxa SDS-3008 Series Industrial Ethernet Switch firmware.
You can find more information about CVE-2022-40691 on the Talos Intelligence vulnerability report and the Moxa security advisory.