ID

VAR-202208-0319


CVE

CVE-2022-31793


TITLE

muhttpd versions 1.1.5 and earlier are vulnerable to path traversal

Trust: 0.8

sources: CERT/CC: VU#495801

DESCRIPTION

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Versions 1.1.5 and earlier of the mu HTTP daemon (muhttpd) are vulnerable to path traversal via a crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.

muhttpd is a web server used mainly in CPE (Customer Premise Equipment) such as home routers. muhttpd version 1.1.5 and earlier contains a directory traversal vulnerability (CWE-22). Due to this vulnerability, sensitive information such as user names and passwords stored on the device, SSID settings, and ISP connection information may be leaked. muhttpd supports the use of CGI scripts that enable remote management of CPE equipment. Note that this vulnerability can be attacked remotely if the device is in a state that allows remote management. A third party with access to a device running a vulnerable version of muhttpd may steal any file on the device by sending a specially crafted HTTP request.

Trust: 2.43

sources: NVD: CVE-2022-31793 // CERT/CC: VU#495801 // JVNDB: JVNDB-2022-002222 // VULMON: CVE-2022-31793

AFFECTED PRODUCTS

vendor: arris, model: bgw210, scope: eq, version: -

Trust: 1.0

vendor: arris, model: nvg589, scope: eq, version: -

Trust: 1.0

vendor: inglorion, model: muhttpd, scope: lt, version: 1.1.7

Trust: 1.0

vendor: arris, model: bgw320, scope: eq, version: -

Trust: 1.0

vendor: arris, model: nvg599, scope: eq, version: -

Trust: 1.0

vendor: arris, model: nvg510, scope: eq, version: -

Trust: 1.0

vendor: arris, model: nvg443, scope: eq, version: -

Trust: 1.0

vendor: muhttpd, model: muhttpd, scope: lte, version: 1.1.5 and earlier

Trust: 0.8

vendor: muhttpd, model: muhttpd, scope: eq, version: -

Trust: 0.8

vendor: muhttpd, model: muhttpd, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002222 // NVD: CVE-2022-31793

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-31793
value: HIGH

Trust: 1.0

NVD: CVE-2022-31793
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202208-2185
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-31793
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-31793
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-002222 // CNNVD: CNNVD-202208-2185 // NVD: CVE-2022-31793

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002222 // NVD: CVE-2022-31793

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-2185

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202208-2185

PATCH

title: muhttpd, url: https://sourceforge.net/projects/muhttpd/

Trust: 0.8

title: muhttpd Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203978

Trust: 0.6

sources: JVNDB: JVNDB-2022-002222 // CNNVD: CNNVD-202208-2185

EXTERNAL IDS

db: NVD, id: CVE-2022-31793

Trust: 4.1

db: CERT/CC, id: VU#495801

Trust: 3.3

db: JVN, id: JVNVU97753810

Trust: 0.8

db: JVNDB, id: JVNDB-2022-002222

Trust: 0.8

db: CNNVD, id: CNNVD-202208-2185

Trust: 0.6

db: VULMON, id: CVE-2022-31793

Trust: 0.1

sources: CERT/CC: VU#495801 // VULMON: CVE-2022-31793 // JVNDB: JVNDB-2022-002222 // CNNVD: CNNVD-202208-2185 // NVD: CVE-2022-31793

REFERENCES

url:https://derekabdine.com/blog/2022-arris-advisory

Trust: 2.5

url:https://kb.cert.org/vuls/id/495801

Trust: 2.5

url:https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/

Trust: 1.7

url:http://inglorion.net/software/muhttpd/

Trust: 1.1

url:http://jvn.jp/vu/jvnvu97753810/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-31793

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-31793/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-31793 // JVNDB: JVNDB-2022-002222 // CNNVD: CNNVD-202208-2185 // NVD: CVE-2022-31793

CREDITS

This document was written by Brad Runyon, Vijay Sarvepalli, and Eric Hatleback.

Statement Date: June 29, 2022

Trust: 0.8

sources: CERT/CC: VU#495801

SOURCES

db: CERT/CC, id: VU#495801
db: VULMON, id: CVE-2022-31793
db: JVNDB, id: JVNDB-2022-002222
db: CNNVD, id: CNNVD-202208-2185
db: NVD, id: CVE-2022-31793

LAST UPDATE DATE

2024-08-14T14:43:49.242000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#495801, date: 2022-08-05T00:00:00
db: VULMON, id: CVE-2022-31793, date: 2022-08-04T00:00:00
db: JVNDB, id: JVNDB-2022-002222, date: 2024-06-14T06:38:00
db: CNNVD, id: CNNVD-202208-2185, date: 2022-08-12T00:00:00
db: NVD, id: CVE-2022-31793, date: 2022-08-11T18:07:01.703

SOURCES RELEASE DATE

db: CERT/CC, id: VU#495801, date: 2022-08-04T00:00:00
db: VULMON, id: CVE-2022-31793, date: 2022-08-04T00:00:00
db: JVNDB, id: JVNDB-2022-002222, date: 2022-08-15T00:00:00
db: CNNVD, id: CNNVD-202208-2185, date: 2022-08-04T00:00:00
db: NVD, id: CVE-2022-31793, date: 2022-08-04T22:15:08.017