CVE-2022-31793 - OpenCVE

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arris	Nvg443 Firmware Bgw210 Nvg510 Firmware Bgw210 Firmware Nvg510 Nvg589 Nvg599 Bgw320 Bgw320 Firmware Nvg589 Firmware Nvg443 Nvg599 Firmware
Inglorion	Muhttpd

Configuration 1 [-]

cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:nvg443:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:nvg599:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:nvg589:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:nvg510:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:bgw210:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:arris:bgw320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:bgw320:-:*:*:*:*:*:*:*

References

Link	Resource
http://inglorion.net/software/muhttpd/	Third Party Advisory
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/	Third Party Advisory
https://derekabdine.com/blog/2022-arris-advisory	Exploit Third Party Advisory
https://kb.cert.org/vuls/id/495801	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-04T21:55:05

Updated: 2022-08-04T21:55:05

Reserved: 2022-05-27T00:00:00

Link: CVE-2022-31793

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-04T22:15:08.017

Modified: 2022-08-11T18:07:01.703

Link: CVE-2022-31793

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-04T21:55:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://inglorion.net/software/muhttpd/"}, {"tags": ["x_refsource_MISC"], "url": "https://kb.cert.org/vuls/id/495801"}, {"tags": ["x_refsource_MISC"], "url": "https://derekabdine.com/blog/2022-arris-advisory"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-31793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://inglorion.net/software/muhttpd/", "refsource": "MISC", "url": "http://inglorion.net/software/muhttpd/"}, {"name": "https://kb.cert.org/vuls/id/495801", "refsource": "MISC", "url": "https://kb.cert.org/vuls/id/495801"}, {"name": "https://derekabdine.com/blog/2022-arris-advisory", "refsource": "MISC", "url": "https://derekabdine.com/blog/2022-arris-advisory"}, {"name": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/", "refsource": "MISC", "url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31793", "datePublished": "2022-08-04T21:55:05", "dateReserved": "2022-05-27T00:00:00", "dateUpdated": "2022-08-04T21:55:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEA107B5-A8F4-4E3E-848B-4D3D986AC0F6", "versionEndExcluding": "1.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D540A232-E544-4289-9857-EB7D599F643B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:nvg443:-:*:*:*:*:*:*:*", "matchCriteriaId": "D323BE0D-6E3C-43D0-870E-3C2A92F6EECF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2154F328-30A8-4363-B469-F5306A07FBCF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:nvg599:-:*:*:*:*:*:*:*", "matchCriteriaId": "0677CA25-F914-48FE-8B85-F91776CEB329", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CAEA6113-6B67-40C2-B31A-8C170854EFBE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:nvg589:-:*:*:*:*:*:*:*", "matchCriteriaId": "03AAE6AE-044C-44DC-8CCA-FF3D646ED19F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C18211F5-A1DF-40A6-8D4D-D0FD719F4039", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:nvg510:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB87F9D2-CB6F-4E6F-87DA-AFDAAF8BD13C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E428B978-B24B-44BF-BCE9-A394793FCBB9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:bgw210:-:*:*:*:*:*:*:*", "matchCriteriaId": "E12A518A-A94B-48F4-9C8B-D24A8D0F16EE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:bgw320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "24130786-8DD0-415E-A3D3-F57566F3ADA2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:bgw320:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B033E94-8EA8-4A9D-A8EC-1EE1FFA1BC4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected."}, {"lang": "es", "value": "La funci\u00f3n do_request en el archivo request.c en muhttpd versiones anteriores a 1.1.7, permite a atacantes remotos leer archivos arbitrarios al construir una URL con un solo car\u00e1cter antes de una ruta deseada en el sistema de archivos. Esto ocurre porque el c\u00f3digo salta el primer car\u00e1cter cuando sirve archivos. Los dispositivos Arris NVG443, NVG599, NVG589 y NVG510 y los dispositivos derivados de Arris BGW210 y BGW320 est\u00e1n afectados"}], "id": "CVE-2022-31793", "lastModified": "2022-08-11T18:07:01.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-04T22:15:08.017", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://inglorion.net/software/muhttpd/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://derekabdine.com/blog/2022-arris-advisory"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://kb.cert.org/vuls/id/495801"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}