CVE-2022-34534
Published 2022-07-19
CVE-2022-34534: Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.
Priority P3 · 52 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.10% (79.4th percentile)
Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dw | spectrum_server_firmware | — | — |
Detection & IOCs (extracted from sources)
- An unauthenticated HTTP GET request to /api/moduleInformation that returns HTTP 200, Content-Type application/json, and a JSON body containing the 'name":', 'cloudHost":', and 'remoteAddresses' fields indicates a vulnerable DW Spectrum Server instance.
- The response header must contain 'application/json' and the status code must be 200 to confirm successful unauthenticated information disclosure via the moduleInformation API.
- Fingerprint DW Spectrum Server instances on Shodan using favicon hash 868509217 or FOFA icon_hash to identify exposed targets.
- The vulnerability is specific to Digital Watchdog DW Spectrum Server version 4.2.0.32842; other versions may not be affected.
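
The checks listed above, applied offline to responses captured from servers you operate (for example, to confirm the endpoint no longer answers after an upgrade). This is an added example, not part of the Nuclei template or the page's sources. Host names, the JSON layout and all values are constructed; only the marker strings and the 200 / application/json conditions come from the list.

```python
import json

# Body strings and field names are the ones quoted in the list above.
MARKERS = ('name":', 'cloudHost":', 'remoteAddresses')
FIELDS = ("name", "cloudHost", "remoteAddresses")

def discloses_module_info(status, headers, body):
    """True when a reply to an unauthenticated GET /api/moduleInformation
    meets every condition in the list: 200, JSON content type, all markers."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    return (status == 200 and "application/json" in ctype.lower()
            and all(m in body for m in MARKERS))

def exposed_fields(body):
    """Collect the values of the listed fields wherever they occur in the JSON."""
    found = {}
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in FIELDS:
                    found.setdefault(key, value)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    try:
        walk(json.loads(body))
    except ValueError:
        pass  # body is not JSON: nothing to report
    return found

# Constructed captures (host, status, headers, body); every value is invented.
CAPTURES = [
    ("nvr-a.example.internal", 200, {"Content-Type": "application/json"},
     json.dumps({"reply": [{"name": "Server 1", "cloudHost": "cloud.example.invalid",
                            "remoteAddresses": ["192.0.2.10"]}]})),
    ("nvr-b.example.internal", 401, {"Content-Type": "application/json"},
     json.dumps({"error": "unauthorized"})),
    ("nvr-c.example.internal", 200, {"content-type": "text/html"}, "<html>login</html>"),
]

def hosts_to_remediate(captures):
    """Map each host whose capture matches to the fields it disclosed."""
    return {host: exposed_fields(body)
            for host, status, headers, body in captures
            if discloses_module_info(status, headers, body)}

if __name__ == "__main__":
    print(hosts_to_remediate(CAPTURES))
```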
No detection rules found.
Nuclei
Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
nuclei·CVSS 7.5
CVE-2022-34534 [HIGH] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
Template:
```yaml
id: CVE-2022-34534

info:
  name: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure
  author: ritikchaddha
  severity: high
  description: |
    Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.
  impact: |
    Unauthenticated attackers can access sensitive system information including network configuration, remote addresses, and cloud host details through the moduleInformation API endpoint, potentially facilitating further attacks.
  remediation: |
    Update Digital Watchdog DW Spectrum Server to a version newer tha
```
2022-07-19
Published