CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
97.0%
Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.
The muhttpd, hosted at SourceForge as an opensource project, is a lightweight webserver. This software is commonly used in customer premise equipment (CPE), such as home routers and small office routers, to provide device management capability through a web interface. The muhttpd supports the use of CGI scripts that enable remote management of CPE devices.
A path traversal vulnerability in muhttpd (version 1.1.5 and earlier) could allow an unauthenticated attacker to read arbitrary content on the target device, including usernames and passwords, Wireless SSID configurations, ISP connection information, and private keys. If remote management is enabled on a device running vulnerable version of muhttpd, this attack is possible from a remote network. Even in cases with restricted Local Area Network access, a vulnerable version of muhttpd can be accessed using other attack methods such as DNS Rebinding.
An unauthenticated attacker can use crafted HTTP request to download arbitrary files or gather sensitive information from a vulnerable target device. In cases where remote management is enabled on a vulnerable device, a remote unauthenticated attacker can perform these attacks.
Update to the latest version of firmware/software provided by your vendor; see Vendor Information section for details. Downstream developers of embedded systems should update muhttpd software (to version 1.1.7 or later) from SourceForget git repository.
Disabling remote management access, which thereby limits access strictly to local area network, can minimize the exposure introduced by the vulnerable software. Use access control to limit remote management if remote management is desired from specific IP network locations. Additional mitigations are described in the security researcher’s advisory.
Thanks to Derek Abdine for reporting this vulnerability.
This document was written by Brad Runyon, Vijay Sarvepalli, and Eric Hatleback.
495801
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Notified: 2022-06-17 Updated: 2022-08-05
Statement Date: June 29, 2022
CVE-2022-31793 | Affected |
---|
We have not received a statement from the vendor.
Notified: 2022-06-09 Updated: 2022-08-05
Statement Date: August 04, 2022
CVE-2022-31793 | Not Affected |
---|
We have not received a statement from the vendor.
Notified: 2022-06-09 Updated: 2022-08-04 CVE-2022-31793 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2022-06-30 Updated: 2022-08-04 CVE-2022-31793 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2022-06-29 Updated: 2022-08-04 CVE-2022-31793 | Unknown |
---|
We have not received a statement from the vendor.
CVE IDs: | CVE-2022-31793 |
---|---|
Date Public: | 2022-08-04 Date First Published: |