CVE-2022-31793 -u 指定IP -l 指定ip文件 -v 验证模式 -f 指定读取文件 python pocpy -u ip -v python pocpy -l urltxt -v python pocpy -u ip -f /etc/hosts python pocpy -l urltxt -f /etc/hosts
do_request in request.c in muhttpd prior to 1.1.7 allows remote malicious users to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inglorion muhttpd |
||
arris nvg443_firmware - |
||
arris nvg599_firmware - |
||
arris nvg589_firmware - |
||
arris nvg510_firmware - |
||
arris bgw210_firmware - |
||
arris bgw320_firmware - |