Vulnerabilities > CVE-2022-40224 - Unspecified vulnerability in Moxa Sds-3008-T Firmware and Sds-3008 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

moxa

NVD

Published: 2023-02-07

Updated: 2023-02-15

Summary

A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Moxa Moxa SDS 3008 Firmware * Moxa SDS 3008 T Firmware *	2
Hardware	Moxa Moxa SDS 3008 - Moxa SDS 3008 T -	2

References

https://www.moxa.com/en/support/product-support/security-advisory/sds-3008-series-multiple-web-vulnerabilities
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1618