13 matches found
VulnCheck KEV: CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589,...
Exploit for Path Traversal in Inglorion Muhttpd
CVE-2022-31793 -u specified IP address -l s...
ARRIS Routers Information Disclosure Vulnerability (Jun 2022) - Active Check
Multiple ARRIS routers are prone to an information disclosure vulnerability in the underlying muhttpd web server. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2022-31793
CVE-2022-31793 affects muhttpd versions prior to 1.1.7 used in Arris NVG443/NVG599/NVG589/NVG510 and BGW210/BGW320 devices. Root cause: do_request in request.c skips the first character when serving files, enabling path traversal and reading arbitrary files on the device. Impact: unauthenticated ...
muhttpd versions 1.1.5 and earlier are vulnerable to path traversal
Overview Versions 1.1.5 and earlier of the mu HTTP deamon muhttpd are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device. Descriptio...
muhttpd 路径遍历漏洞
muhttpd is a simple but complete web server for inglorion individual developers. Written in portable ANSI C, it supports logging, CGI scripting, MIME type based handlers and HTTPS. A security vulnerability exists in muhttpd versions prior to 1.1.7. An attacker could exploit this vulnerability to...
PT-2022-20938 · Arris · Bgw320 +5
Name of the Vulnerable Software and Affected Versions: muhttpd versions prior to 1.1.7 Description: The issue allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server muhttpd mu HTTP deamon is a simple but complete web serv...
Millions of Arris routers are vulnerable to path traversal attacks
Security researcher Derek Abdine has published an advisory about vulnerabilities that exist in the MIT-licensed muhttpd web server. This web server is present in Arris firmware which can be found in several router models. muhttpd web server muhttpd mu HTTP deamon is a simple but complete web serv...