cbcvebase.
CVE-2022-34534
published 2022-07-19

CVE-2022-34534: Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.

PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
2.10%
79.4th percentile
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.

Affected

1 ranges
VendorProductVersion rangeFixed in
dwspectrum_server_firmware

Detection & IOCsextracted from sources · hover to see the quote

url/api/moduleInformation
otherhttp.favicon.hash:868509217
othericon_hash="868509217"
  • Unauthenticated HTTP GET request to /api/moduleInformation returns JSON body containing 'name":', 'cloudHost":', and 'remoteAddresses' fields with HTTP 200 and Content-Type application/json — indicates vulnerable DW Spectrum Server instance.
  • Response header must contain 'application/json' and status code must be 200 to confirm successful unauthenticated information disclosure via the moduleInformation API.
  • Fingerprint DW Spectrum Server instances on Shodan using favicon hash 868509217 or FOFA icon_hash to identify exposed targets.
  • ·Vulnerability is specific to Digital Watchdog DW Spectrum Server version 4.2.0.32842; other versions may not be affected.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.