var-202208-0319
Vulnerability from variot
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.CVE-2022-31793 AffectedCVE-2022-31793 Affected. muhttpd contains a directory traversal vulnerability. muhttpd is mainly for home routers, etc. CPE (Customer Premise Equipment) employed in Web Server. version 1.1.5 and earlier muhttpd contains a directory traversal vulnerability ( CWE-22 ) exists. Due to this vulnerability, user names and passwords stored in the device, SSID settings related to ISP Sensitive information such as connection information may be leaked. muhttpd teeth CPE Enables remote management of equipment CGI Supports the use of scripts. Please note that this vulnerability can be remotely attacked if the device is in a state that can be remotely managed.vulnerable version of muhttpd specially crafted from a third party with access to the device on which HTTP Any file in the device may be stolen by sending the request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bgw210",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg589",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "muhttpd",
"scope": "lt",
"trust": 1.0,
"vendor": "inglorion",
"version": "1.1.7"
},
{
"model": "bgw320",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg599",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg510",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "nvg443",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "muhttpd",
"scope": "lte",
"trust": 0.8,
"vendor": "muhttpd",
"version": "1.1.5 and earlier"
},
{
"model": "muhttpd",
"scope": "eq",
"trust": 0.8,
"vendor": "muhttpd",
"version": null
},
{
"model": "muhttpd",
"scope": null,
"trust": 0.8,
"vendor": "muhttpd",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Brad Runyon, Vijay Sarvepalli, and Eric Hatleback.Statement Date:\u00a0\u00a0 June 29, 2022",
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
}
],
"trust": 0.8
},
"cve": "CVE-2022-31793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-31793",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31793",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31793",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31793",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2185",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.CVE-2022-31793 AffectedCVE-2022-31793 Affected. muhttpd contains a directory traversal vulnerability. muhttpd is mainly for home routers, etc. CPE (Customer Premise Equipment) employed in Web Server. version 1.1.5 and earlier muhttpd contains a directory traversal vulnerability ( CWE-22 ) exists. Due to this vulnerability, user names and passwords stored in the device, SSID settings related to ISP Sensitive information such as connection information may be leaked. muhttpd teeth CPE Enables remote management of equipment CGI Supports the use of scripts. Please note that this vulnerability can be remotely attacked if the device is in a state that can be remotely managed.vulnerable version of muhttpd specially crafted from a third party with access to the device on which HTTP Any file in the device may be stolen by sending the request",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31793"
},
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31793",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#495801",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU97753810",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-31793",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"id": "VAR-202208-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T14:43:49.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "muhttpd",
"trust": 0.8,
"url": "https://sourceforge.net/projects/muhttpd/"
},
{
"title": "muhttpd Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203978"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://derekabdine.com/blog/2022-arris-advisory"
},
{
"trust": 2.5,
"url": "https://kb.cert.org/vuls/id/495801"
},
{
"trust": 1.7,
"url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"
},
{
"trust": 1.1,
"url": "http://inglorion.net/software/muhttpd/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97753810/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31793"
},
{
"trust": 0.6,
"url": "httpd/"
},
{
"trust": 0.6,
"url": "http://inglorion.net/software/mu"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31793/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#495801"
},
{
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-04T00:00:00",
"db": "CERT/CC",
"id": "VU#495801"
},
{
"date": "2022-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"date": "2022-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"date": "2022-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"date": "2022-08-04T22:15:08.017000",
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-05T00:00:00",
"db": "CERT/CC",
"id": "VU#495801"
},
{
"date": "2022-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31793"
},
{
"date": "2024-06-14T06:38:00",
"db": "JVNDB",
"id": "JVNDB-2022-002222"
},
{
"date": "2022-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2185"
},
{
"date": "2022-08-11T18:07:01.703000",
"db": "NVD",
"id": "CVE-2022-31793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "muhttpd versions 1.1.5 and earlier are vulnerable to path traversal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#495801"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2185"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.