CVE-2026-24130: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') in Arksine moonraker
CVE-2026-24130 is an LDAP injection vulnerability in Arksine's Moonraker web server, versions 0.9.3 and below, when the ldap component is enabled. The flaw lets an unauthenticated attacker manipulate the LDAP search filter built by the login endpoint and, by observing differences in the 401 error responses, brute-force the discovery of LDAP entries such as user IDs and attributes. The vulnerability requires no authentication or user interaction and carries a low CVSS 4.0 score of 2.7. It was fixed in version 0.10.0. Exploitation does not lead to direct system compromise, but it can leak sensitive directory information.
AI Analysis
Technical Summary
Moonraker is a Python-based web server that exposes an API for the Klipper 3D printer firmware. Versions 0.9.3 and earlier, when configured with the ldap component enabled, are vulnerable to LDAP injection at the login endpoint. The flaw is improper neutralization of special characters in the LDAP search filter (CWE-90): the user-supplied login name is placed into the filter without escaping the filter metacharacters (asterisk, parentheses, backslash), so crafted input alters the query logic. Because the 401 Unauthorized responses returned for failed logins differ depending on whether the injected search matched an entry, the attacker has a boolean oracle and can enumerate LDAP entries by brute force; in the typical pattern, a wildcard such as a* confirms whether any user ID starts with that prefix, and an injected extra filter clause confirms whether an attribute is set on a known entry. This is a blind information disclosure that aids reconnaissance rather than a path to code execution. No authentication or user interaction is required, and the endpoint is reachable over the network. The flaw was fixed in Moonraker 0.10.0 by sanitizing the values placed into LDAP queries. The CVSS 4.0 base score is 2.7, reflecting low severity: limited confidentiality impact and no direct integrity or availability impact. No exploitation in the wild is known. The weakness maps to CWE-90 (LDAP Injection) and CWE-209 (Generation of Error Message Containing Sensitive Information, formerly named Information Exposure Through an Error Message).
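The following is an added example, not Moonraker's own code and not the fix shipped in 0.10.0. It shows the vulnerable pattern the analysis describes (a login name interpolated into a search filter by string formatting) beside the hardened form that escapes the value per RFC 4515, and it models the 401 oracle with a small in-memory directory and filter evaluator so the blind enumeration can be run offline. The filter template, attribute names and directory contents are assumptions chosen for illustration.

```python
# Added example, not Moonraker's code: a naive LDAP filter built by string
# formatting beside one that escapes the value per RFC 4515, plus a toy
# in-memory directory and filter evaluator that plays the role of the
# "did the search match?" oracle that the 401 responses leak. The filter
# template, attribute names and directory contents are assumptions.
import re
from typing import Callable, Dict, List, Tuple

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it can only ever match literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str) -> str:
    """Unescaped interpolation: '*', '(' and ')' in username change the query."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username: str) -> str:
    """Same template, value escaped; metacharacters become literal text."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# Constructed directory standing in for the real LDAP server (attribute names lowercased).
DIRECTORY: List[Dict[str, List[str]]] = [
    {"uid": ["alice"], "objectclass": ["person"], "mail": ["alice@example.org"]},
    {"uid": ["bob"], "objectclass": ["person"]},
    {"uid": ["carol"], "objectclass": ["person"], "mail": ["carol@example.org"]},
]


# Minimal RFC 4515 filter parser/evaluator: supports &, |, ! and equality with '*'.
def _parse(s: str, i: int) -> Tuple[Tuple, int]:
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at {i} in {s!r}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"unbalanced filter {s!r}")
        return (op, children), i + 1
    j = s.find(")", i)
    if j < 0:
        raise ValueError(f"unterminated item in {s!r}")
    attr, _, value = s[i:j].partition("=")
    return ("=", attr.lower(), value), j + 1


def parse_filter(s: str) -> Tuple:
    node, i = _parse(s, 0)
    if i != len(s):
        raise ValueError(f"trailing data {s[i:]!r} in filter {s!r}")
    return node


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _value_matches(pattern: str, actual: str) -> bool:
    # A raw '*' is a wildcard; an escaped '\2a' becomes a literal '*' only after the split.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, actual, re.IGNORECASE) is not None


def matches(node: Tuple, entry: Dict[str, List[str]]) -> bool:
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    return any(_value_matches(value, v) for v in entry.get(attr, []))


def login_oracle(build: Callable[[str], str], username: str) -> bool:
    """Model of the leak: True iff the search matched at least one entry.
    A malformed filter counts as 'no match' (a real server would return an error)."""
    try:
        node = parse_filter(build(username))
    except ValueError:
        return False
    return any(matches(node, e) for e in DIRECTORY)


def enumerate_uids(build: Callable[[str], str], alphabet: str, max_len: int = 8) -> List[str]:
    """Blind enumeration: grow a prefix one character at a time using 'prefix?*' probes."""
    found, frontier = [], [""]
    while frontier:
        nxt = []
        for prefix in frontier:
            if prefix and login_oracle(build, prefix):  # exact uid confirmed
                found.append(prefix)
            if len(prefix) < max_len:
                nxt.extend(prefix + c for c in alphabet if login_oracle(build, prefix + c + "*"))
        frontier = nxt
    return sorted(found)


if __name__ == "__main__":
    letters = "abcdefghijklmnopqrstuvwxyz"
    print("vulnerable:", enumerate_uids(build_filter_vulnerable, letters))
    print("escaped:   ", enumerate_uids(build_filter_safe, letters))
    print("alice has mail?", login_oracle(build_filter_vulnerable, "alice)(mail=*"))
```

With the vulnerable builder the prefix walk recovers every uid in the toy directory and the injected clause alice)(mail=* reports whether alice has a mail attribute; with the escaped builder every probe containing a wildcard or parenthesis matches nothing, so only an exact, already-known login name produces a hit. In real code, use the escaping routine of the LDAP client library rather than a hand-rolled table (the ldap3 library, for example, ships ldap3.utils.conv.escape_filter_chars); the table above is kept inline only so the example runs without dependencies.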
Potential Impact
For European organizations running Moonraker versions prior to 0.10.0 with LDAP enabled, this vulnerability can lead to unauthorized disclosure of LDAP directory information, including user identifiers and attributes. It does not allow direct system compromise or code execution, but the leaked information can support targeted attacks such as credential stuffing, social engineering, or privilege escalation attempts against other systems that share the same directory. Organizations relying on LDAP for authentication and user management in 3D printing environments therefore face an increased risk of reconnaissance by threat actors, particularly in industries where sensitive intellectual property or manufacturing processes are controlled via Klipper firmware. The impact on confidentiality is limited but non-negligible, and it grows if the disclosure is chained with other vulnerabilities. Availability and integrity are not directly affected, which is consistent with the low CVSS score.
Mitigation Recommendations
The primary mitigation is to upgrade Moonraker to version 0.10.0 or later, where the LDAP injection is fixed. Until the upgrade is possible, disable the ldap component if it is not strictly required. Moonraker is normally reached from a local network and should never be exposed directly to the internet; restrict access to the login endpoint (and the API generally) to trusted addresses or VPN users. A WAF or reverse proxy in front of Moonraker can reject login requests whose username contains LDAP filter metacharacters (asterisk, parentheses, backslash) and rate-limit the login endpoint so that a brute-force oracle becomes impractical. Monitor for bursts of 401 responses from a single source, especially when the submitted usernames contain those characters. Review the LDAP service account Moonraker binds with: it should have read access only to the attributes required for login, so that even an injected filter can reveal no more than that account can see. Finally, make sure any custom integrations that build LDAP filters from user input escape values per RFC 4515, or use the client library's filter-building helpers, rather than string-formatting them.
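As an added example of the monitoring recommended above (not Moonraker's code and not a rule shipped by any product), the block below runs two detections over constructed authentication events: usernames containing LDAP filter metacharacters, and bursts of 401 responses against the login endpoint from one source. The JSON event format, the login path /access/login and the sample events are assumptions; adapt the parser to whatever your reverse proxy or Moonraker actually logs.

```python
# Added example, not Moonraker's code: detection logic for the two signals the
# mitigation text names. The JSON auth-event format, the login path and the
# sample events below are constructed assumptions.
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

LOGIN_PATH = "/access/login"        # assumed path of Moonraker's login endpoint
LDAP_METACHARS = set("*()\\\x00")    # RFC 4515 filter metacharacters
BURST_WINDOW = timedelta(seconds=60)
BURST_THRESHOLD = 10                 # 401s from one source within the window


def make_sample_log() -> str:
    """Constructed events: one source probing 'a*', 'b*', ... every 2 seconds,
    and one ordinary user mistyping a password three times over two minutes."""
    base = datetime(2026, 1, 22, 23, 0, 0)
    events = []
    for i, letter in enumerate("abcdefghijkl"):
        events.append({"ts": (base + timedelta(seconds=2 * i)).isoformat(), "src": "203.0.113.7",
                       "path": LOGIN_PATH, "status": 401, "username": letter + "*"})
    for offset in (5, 40, 100):
        events.append({"ts": (base + timedelta(seconds=offset)).isoformat(), "src": "192.0.2.10",
                       "path": LOGIN_PATH, "status": 401, "username": "alice"})
    events.sort(key=lambda e: e["ts"])   # ISO timestamps sort lexicographically
    return "\n".join(json.dumps(e) for e in events)


def parse_events(text: str) -> Iterable[Dict]:
    """One JSON object per line; timestamps are parsed into datetimes."""
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Return alerts for metacharacter usernames and per-source 401 bursts."""
    alerts: List[Dict] = []
    recent: Dict[str, deque] = defaultdict(deque)   # sliding window of 401 times per source
    burst_flagged = set()                           # alert once per source per run
    for ev in events:
        if ev.get("path") != LOGIN_PATH or ev.get("status") != 401:
            continue
        user = ev.get("username", "")
        if any(ch in LDAP_METACHARS for ch in user):
            alerts.append({"rule": "ldap_metachar_in_username", "src": ev["src"],
                           "username": user, "ts": ev["ts"].isoformat()})
        window = recent[ev["src"]]
        window.append(ev["ts"])
        while window and ev["ts"] - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) >= BURST_THRESHOLD and ev["src"] not in burst_flagged:
            burst_flagged.add(ev["src"])
            alerts.append({"rule": "login_401_burst", "src": ev["src"],
                           "count": len(window), "ts": ev["ts"].isoformat()})
    return alerts


def run_detection(log_text: Optional[str] = None) -> List[Dict]:
    """Run both rules over the given log text, or over the constructed sample."""
    return detect(parse_events(log_text if log_text is not None else make_sample_log()))


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

On the sample, the probing source raises one metacharacter alert per request and a single burst alert when its tenth 401 lands inside the window, while the ordinary user's three spread-out failures raise nothing. The metacharacter rule is the higher-fidelity one: a legitimate login name almost never contains an asterisk or parenthesis, so that alert deserves a look even when the burst threshold is not reached.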
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-21T18:38:22.474Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6972ad5b4623b1157c962ba9
Added to database: 1/22/2026, 11:06:03 PM
Last enriched: 1/22/2026, 11:22:10 PM
Last updated: 1/23/2026, 3:27:01 AM
Related Threats
- CVE-2026-0796: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ALGO 8180 IP Audio Alerter (High)
- CVE-2026-0795: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ALGO 8180 IP Audio Alerter (High)
- CVE-2026-0794: CWE-416: Use After Free in ALGO 8180 IP Audio Alerter (High)
- CVE-2026-0793: CWE-122: Heap-based Buffer Overflow in ALGO 8180 IP Audio Alerter (High)
- CVE-2026-0792: CWE-121: Stack-based Buffer Overflow in ALGO 8180 IP Audio Alerter (High)