6 matches found
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2022-31793
creationtimestamp| type| source ---|---|--- 2025-04-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-04-20 2026-06-23 14:06:15+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/05c68957-3684-432f-b134-714c8bc8030f 2026-06-30...
Exploit for Path Traversal in Inglorion Muhttpd
CVE-2022-31793 -u specified IP address -l s...
CVE-2022-31793
CVE-2022-31793 affects muhttpd versions prior to 1.1.7 used in Arris NVG443/NVG599/NVG589/NVG510 and BGW210/BGW320 devices. Root cause: do_request in request.c skips the first character when serving files, enabling path traversal and reading arbitrary files on the device. Impact: unauthenticated ...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server muhttpd mu HTTP deamon is a simple but complete web serv...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server muhttpd mu HTTP deamon is a simple but complete web serv...