CVE-2022-31793

Published: 04/08/2022 Updated: 11/08/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

do_request in request.c in muhttpd prior to 1.1.7 allows remote malicious users to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Vulnerable Product

inglorion muhttpd

arris nvg443_firmware -

arris nvg599_firmware -

arris nvg589_firmware -

arris nvg510_firmware -

arris bgw210_firmware -

arris bgw320_firmware -

Github Repositories

CVE-2022-31793
-u specify the IP
-l specify a file of IPs
-v verification mode
-f specify the file to read
python pocpy -u ip -v
python pocpy -l urltxt -v
python pocpy -u ip -f /etc/hosts
python pocpy -l urltxt -f /etc/hosts

Various scripts and exploit tools

script AV-evasion Fscan, LadonGo githubcom/badboycxcc/script/blob/main/fzip githubcom/badboycxcc/script/blob/main/Ladonzip Fscan M1 githubcom/badboycxcc/script/blob/main/fscan MD5 e80781fdd5c02a07e77498368b426e89 SHASUM c47503324bb9c485abd579e7c2410ae356c374c1 CobaltStrike47 Hash:c1cda82b39fda2f77c811f42a7a55987adf37e06a522ed6f28900d77bbd4409f Do