Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sds\-3008_firmware
(Moxa)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-02-07 | CVE-2022-40693 | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | Sds\-3008\-T_firmware, Sds\-3008_firmware | 7.5 | ||
| 2023-02-07 | CVE-2022-41311 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="webLocationMessage_text" name="webLocationMessage_text" | Sds\-3008\-T_firmware, Sds\-3008_firmware | 5.4 | ||
| 2023-02-07 | CVE-2022-40224 | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | Sds\-3008\-T_firmware, Sds\-3008_firmware | 7.5 | ||
| 2023-02-07 | CVE-2022-40691 | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | Sds\-3008\-T_firmware, Sds\-3008_firmware | 5.3 | ||
| 2023-02-07 | CVE-2022-41312 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | Sds\-3008\-T_firmware, Sds\-3008_firmware | 5.4 | ||
| 2023-02-07 | CVE-2022-41313 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | Sds\-3008\-T_firmware, Sds\-3008_firmware | 5.4 |