CVE-2022-31793
CVE-2022-31793 affects muhttpd versions prior to 1.1.7 used in Arris NVG443/NVG599/NVG589/NVG510 and BGW210/BGW320 devices. Root cause: do_request in request.c skips the first character when serving files, enabling path traversal and reading arbitrary files on the device. Impact: unauthenticated ...