Vulnerabilites related to inglorion - muhttpd
CVE-2022-31793 (GCVE-0-2022-31793)
Vulnerability from cvelistv5
Published
2022-08-04 21:55
Modified
2024-08-03 07:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://inglorion.net/software/muhttpd/ | x_refsource_MISC | |
| https://kb.cert.org/vuls/id/495801 | x_refsource_MISC | |
| https://derekabdine.com/blog/2022-arris-advisory | x_refsource_MISC | |
| https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/495801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inglorion.net/software/muhttpd/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-04T21:55:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inglorion.net/software/muhttpd/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://inglorion.net/software/muhttpd/",
"refsource": "MISC",
"url": "http://inglorion.net/software/muhttpd/"
},
{
"name": "https://kb.cert.org/vuls/id/495801",
"refsource": "MISC",
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"name": "https://derekabdine.com/blog/2022-arris-advisory",
"refsource": "MISC",
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"name": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/",
"refsource": "MISC",
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31793",
"datePublished": "2022-08-04T21:55:05",
"dateReserved": "2022-05-27T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202208-0319
Vulnerability from variot
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.CVE-2022-31793 AffectedCVE-2022-31793 Affected. muhttpd contains a directory traversal vulnerability. muhttpd is mainly for home routers, etc. CPE (Customer Premise Equipment) employed in Web Server. version 1.1.5 and earlier muhttpd contains a directory traversal vulnerability ( CWE-22 ) exists. Due to this vulnerability, user names and passwords stored in the device, SSID settings related to ISP Sensitive information such as connection information may be leaked. muhttpd teeth CPE Enables remote management of equipment CGI Supports the use of scripts. Please note that this vulnerability can be remotely attacked if the device is in a state that can be remotely managed.vulnerable version of muhttpd specially crafted from a third party with access to the device on which HTTP Any file in the device may be stolen by sending the request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bgw210",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg589",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "muhttpd",
"scope": "lt",
"trust": 1.0,
"vendor": "inglorion",
"version": "1.1.7"
},
{
"model": "bgw320",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg599",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg510",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg443",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "muhttpd",
"scope": "lte",
"trust": 0.8,
"vendor": "muhttpd",
"version": "1.1.5 and earlier"
},
{
"model": "muhttpd",
"scope": "eq",
"trust": 0.8,
"vendor": "muhttpd",
"version": null
},
{
"model": "muhttpd",
"scope": null,
"trust": 0.8,
"vendor": "muhttpd",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Brad Runyon, Vijay Sarvepalli, and Eric Hatleback.Statement Date:\u00a0\u00a0 June 29, 2022",
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
}
],
"trust": 0.8
},
"cve": "CVE-2022-31793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31793",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31793",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31793",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31793",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2185",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.CVE-2022-31793 AffectedCVE-2022-31793 Affected. muhttpd contains a directory traversal vulnerability. muhttpd is mainly for home routers, etc. CPE (Customer Premise Equipment) employed in Web Server. version 1.1.5 and earlier muhttpd contains a directory traversal vulnerability ( CWE-22 ) exists. Due to this vulnerability, user names and passwords stored in the device, SSID settings related to ISP Sensitive information such as connection information may be leaked. muhttpd teeth CPE Enables remote management of equipment CGI Supports the use of scripts. Please note that this vulnerability can be remotely attacked if the device is in a state that can be remotely managed.vulnerable version of muhttpd specially crafted from a third party with access to the device on which HTTP Any file in the device may be stolen by sending the request",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31793"
},
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31793",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#495801",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU97753810",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31793",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"id": "VAR-202208-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:43:49.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "muhttpd",
"trust": 0.8,
"url": "https://sourceforge.net/projects/muhttpd/"
},
{
"title": "muhttpd Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203978"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"trust": 2.5,
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"trust": 1.7,
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
},
{
"trust": 1.1,
"url": "http://inglorion.net/software/muhttpd/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97753810/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31793"
},
{
"trust": 0.6,
"url": "httpd/"
},
{
"trust": 0.6,
"url": "http://inglorion.net/software/mu"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31793/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "CERT/CC",
"id": "VU#495801"
},
{
"date": "2022-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"date": "2022-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"date": "2022-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"date": "2022-08-04T22:15:08.017000",
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-05T00:00:00",
"db": "CERT/CC",
"id": "VU#495801"
},
{
"date": "2022-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"date": "2024-06-14T06:38:00",
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"date": "2022-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"date": "2022-08-11T18:07:01.703000",
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "muhttpd versions 1.1.5 and earlier are vulnerable to path traversal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2022-08-04 22:15
Modified
2024-11-21 07:05
Severity ?
Summary
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| inglorion | muhttpd | * | |
| arris | nvg443_firmware | - | |
| arris | nvg443 | - | |
| arris | nvg599_firmware | - | |
| arris | nvg599 | - | |
| arris | nvg589_firmware | - | |
| arris | nvg589 | - | |
| arris | nvg510_firmware | - | |
| arris | nvg510 | - | |
| arris | bgw210_firmware | - | |
| arris | bgw210 | - | |
| arris | bgw320_firmware | - | |
| arris | bgw320 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA107B5-A8F4-4E3E-848B-4D3D986AC0F6",
"versionEndExcluding": "1.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D540A232-E544-4289-9857-EB7D599F643B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:nvg443:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D323BE0D-6E3C-43D0-870E-3C2A92F6EECF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2154F328-30A8-4363-B469-F5306A07FBCF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:nvg599:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0677CA25-F914-48FE-8B85-F91776CEB329",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAEA6113-6B67-40C2-B31A-8C170854EFBE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:nvg589:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03AAE6AE-044C-44DC-8CCA-FF3D646ED19F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C18211F5-A1DF-40A6-8D4D-D0FD719F4039",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:nvg510:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB87F9D2-CB6F-4E6F-87DA-AFDAAF8BD13C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E428B978-B24B-44BF-BCE9-A394793FCBB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:bgw210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E12A518A-A94B-48F4-9C8B-D24A8D0F16EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:bgw320_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24130786-8DD0-415E-A3D3-F57566F3ADA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:bgw320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B033E94-8EA8-4A9D-A8EC-1EE1FFA1BC4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."
},
{
"lang": "es",
"value": "La funci\u00f3n do_request en el archivo request.c en muhttpd versiones anteriores a 1.1.7, permite a atacantes remotos leer archivos arbitrarios al construir una URL con un solo car\u00e1cter antes de una ruta deseada en el sistema de archivos. Esto ocurre porque el c\u00f3digo salta el primer car\u00e1cter cuando sirve archivos. Los dispositivos Arris NVG443, NVG599, NVG589 y NVG510 y los dispositivos derivados de Arris BGW210 y BGW320 est\u00e1n afectados"
}
],
"id": "CVE-2022-31793",
"lastModified": "2024-11-21T07:05:20.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-04T22:15:08.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://inglorion.net/software/muhttpd/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://inglorion.net/software/muhttpd/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/495801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}