Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2022-31793
HistoryAug 04, 2022 - 10:15 p.m.

CVE-2022-31793

2022-08-0422:15:08
CWE-22
mitre
web.nvd.nist.gov
51
3
cve-2022-31793
muhttpd
remote attackers
file read
security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.303

Percentile

97.0%

JSON

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Affected configurations

Nvd
Node
inglorionmuhttpdRange<1.1.7
Node
arrisnvg443_firmwareMatch-
AND
arrisnvg443Match-
Node
arrisnvg599_firmwareMatch-
AND
arrisnvg599Match-
Node
arrisnvg589_firmwareMatch-
AND
arrisnvg589Match-
Node
arrisnvg510_firmwareMatch-
AND
arrisnvg510Match-
Node
arrisbgw210_firmwareMatch-
AND
arrisbgw210Match-
Node
arrisbgw320_firmwareMatch-
AND
arrisbgw320Match-
VendorProductVersionCPE
inglorionmuhttpd*cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*
arrisnvg443_firmware-cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*
arrisnvg443-cpe:2.3:h:arris:nvg443:-:*:*:*:*:*:*:*
arrisnvg599_firmware-cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*
arrisnvg599-cpe:2.3:h:arris:nvg599:-:*:*:*:*:*:*:*
arrisnvg589_firmware-cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*
arrisnvg589-cpe:2.3:h:arris:nvg589:-:*:*:*:*:*:*:*
arrisnvg510_firmware-cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*
arrisnvg510-cpe:2.3:h:arris:nvg510:-:*:*:*:*:*:*:*
arrisbgw210_firmware-cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

Social References

More

Related

openvas 2
githubexploit 1
nvd 1
cvelist 1
cert 1
prion 1
malwarebytes 2
openvas
openvas
ARRIS Routers Information Disclosure Vulnerability (Jun 2022) - Active Check
2022-08-12 00:00:00
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Inglorion Muhttpd
2022-08-19 01:42:08
nvd
nvd
CVE-2022-31793
2022-08-04 22:15:08
cvelist
cvelist
CVE-2022-31793
2022-08-04 21:55:05
cert
cert
muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
2022-08-04 00:00:00
prion
prion
Design/Logic Flaw
2022-08-04 22:15:00
malwarebytes
malwarebytes
Millions of Arris routers are vulnerable to path traversal attacks
2022-08-01 17:31:40
Millions of Arris routers are vulnerable to path traversal attacks
2022-08-01 17:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.303

Percentile

97.0%

JSON
Related for CVE-2022-31793
openvas2githubexploit1nvd1cvelist1cert1prion1malwarebytes2