CVE-2026-24130: CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') in Arksine moonraker
CVE-2026-24130 is an LDAP injection vulnerability in Arksine's Moonraker Python web server versions 0.9.3 and below when the ldap component is enabled. The flaw allows attackers to manipulate LDAP search filters via the login endpoint, exploiting error messages to enumerate LDAP entries such as user IDs and attributes. This vulnerability does not require authentication or user interaction and has a low CVSS score of 2.7, indicating limited impact. The issue was fixed in version 0.10.0. While no known exploits are reported in the wild, affected instances could leak sensitive directory information, potentially aiding further attacks.
AI Analysis
Technical Summary
Moonraker is a Python-based web server that provides API access to Klipper 3D printing firmware. Versions 0.9.3 and earlier, when configured with the ldap component enabled, are vulnerable to LDAP injection (CWE-90) via the login endpoint. This vulnerability arises from improper neutralization of special elements in LDAP search filters, allowing an attacker to inject crafted input that manipulates the LDAP query logic. The server's 401 error responses reveal whether LDAP searches succeed or fail, enabling attackers to perform brute force enumeration of LDAP directory entries, including user IDs and attributes. This information disclosure can facilitate further attacks such as credential harvesting or privilege escalation. The vulnerability does not require authentication or user interaction and affects confidentiality primarily. It has a CVSS 4.0 base score of 2.7, reflecting low severity due to limited impact and no direct code execution or privilege escalation. The issue was addressed in Moonraker version 0.10.0 by properly sanitizing LDAP inputs and improving error handling to prevent information leakage. No known exploits have been reported in the wild to date.
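The CWE-90 pattern described above, next to a hardened form, as an added example that is not Moonraker's own code. The filter template, the `uid` attribute and the username allowlist are assumptions chosen for illustration.

```python
import re

# RFC 4515: these characters must appear as \XX hex escapes inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumption: login names fit this conservative allowlist.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Hypothetical filter template; the real application's filter may differ.
_TEMPLATE = "(&(objectClass=person)(uid={}))"


def escape_filter_value(value: str) -> str:
    """Neutralize LDAP filter metacharacters in an untrusted value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def validate_username(username: str) -> str:
    """Reject input outside the allowlist before it reaches the directory."""
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    return username


def build_filter_unsafe(username: str) -> str:
    """Untrusted input interpolated verbatim: the input can alter the filter."""
    return _TEMPLATE.format(username)


def build_filter_safe(username: str) -> str:
    """Escaped input stays a literal value inside the uid assertion."""
    return _TEMPLATE.format(escape_filter_value(username))


def metachar_count(ldap_filter: str) -> int:
    """Count structural characters; escaped ones are written \\XX and not counted."""
    return sum(ldap_filter.count(c) for c in "()*")


if __name__ == "__main__":
    probe = "x)(cn=y*"  # constructed input containing filter metacharacters
    for build in (build_filter_unsafe, build_filter_safe):
        result = build(probe)
        print(build.__name__, result, metachar_count(result))
```

With the escaped builder the count of structural characters stays at the template's own six for any input, which makes a simple regression check for the fix.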
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of LDAP directory information, which may include user identities and attributes critical for authentication and authorization processes. Such information leakage can aid attackers in crafting targeted phishing campaigns, brute force attacks, or lateral movement within networks. While the direct impact on system availability or integrity is low, the confidentiality breach could undermine trust and compliance with data protection regulations such as GDPR. Organizations relying on Moonraker for managing 3D printing infrastructure, especially those integrating LDAP for authentication, risk exposure of sensitive user data. This could be particularly concerning in sectors with high security requirements like manufacturing, research, and healthcare. The vulnerability's ease of exploitation without authentication increases its risk profile, although the overall severity remains low due to the limited scope of impact and absence of known active exploitation.
Mitigation Recommendations
European organizations should immediately upgrade Moonraker instances to version 0.10.0 or later, where the LDAP injection vulnerability has been fixed. If upgrading is not immediately feasible, disable the ldap component to eliminate exposure. Restrict network access to the Moonraker login endpoint using firewalls or VPNs to limit potential attackers. Implement robust input validation and sanitization on all LDAP-related inputs beyond the vendor patch. Monitor logs for unusual LDAP query patterns or repeated 401 responses indicative of brute force enumeration attempts. Employ network segmentation to isolate 3D printing infrastructure from critical enterprise systems. Conduct regular security assessments of Moonraker deployments and related authentication mechanisms. Finally, educate administrators about the risks of LDAP injection and the importance of timely patching.
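One way to implement the monitoring step, as an added example that is not part of the original advisory: a sliding-window count of 401 responses on the login endpoint per source address. The log layout, the sample lines and the `/access/login` path are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/access/login"  # assumption: path of the login endpoint

# Constructed sample in an assumed "timestamp ip method path status" layout;
# adapt the parsing to the reverse proxy or application log actually in use.
SAMPLE_LOG = (
    # six failures in ten seconds from one address
    [f"2026-01-22T10:00:{s:02d} 203.0.113.7 POST {LOGIN_PATH} 401" for s in range(0, 12, 2)]
    # six failures spread over ten minutes from another address
    + [f"2026-01-22T10:{m:02d}:00 198.51.100.20 POST {LOGIN_PATH} 401" for m in range(0, 12, 2)]
    # a user who mistypes once and then logs in
    + [f"2026-01-22T10:01:00 192.0.2.44 POST {LOGIN_PATH} 401",
       f"2026-01-22T10:01:20 192.0.2.44 POST {LOGIN_PATH} 200"]
)


def flag_enumeration(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was first reached} for bursts of login 401s."""
    recent = defaultdict(deque)  # per-address timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed layout
        ts_raw, ip, method, path, status = parts
        if method != "POST" or path != LOGIN_PATH or status != "401":
            continue
        ts = datetime.fromisoformat(ts_raw)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in flag_enumeration(SAMPLE_LOG).items():
        print(f"{ip} reached the 401 threshold at {when.isoformat()}")
```

Tune `threshold` and `window` against normal login behaviour; a slow, distributed attempt stays under a per-address threshold, so pair this with the network restrictions recommended above.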
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-21T18:38:22.474Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6972ad5b4623b1157c962ba9
Added to database: 1/22/2026, 11:06:03 PM
Last enriched: 1/30/2026, 10:02:49 AM
Last updated: 2/5/2026, 5:29:49 PM