CVE-2022-31793

high-risk

Published 2022-08-04

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Do I need to act?

93.8% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (7)

Muhttpd

Nvg443 Firmware

Nvg599 Firmware

Nvg589 Firmware

Nvg510 Firmware

Bgw210 Firmware

Bgw320 Firmware

Affected Vendors

Arris Inglorion

References (9)

Third Party Advisory http://inglorion.net/software/muhttpd/

Third Party Advisory https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-a...

Exploit https://derekabdine.com/blog/2022-arris-advisory

Third Party Advisory https://kb.cert.org/vuls/id/495801

Third Party Advisory http://inglorion.net/software/muhttpd/

Third Party Advisory https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-a...

Exploit https://derekabdine.com/blog/2022-arris-advisory

Third Party Advisory https://kb.cert.org/vuls/id/495801

https://www.kb.cert.org/vuls/id/495801

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 14/34 · Moderate