CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31793

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.934

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2022-31793

Inglorion » Muhttpd » Version: N/A

cpe:2.3:a:inglorion:muhttpd:-
Arris » Bgw210 » Version: N/A

cpe:2.3:h:arris:bgw210:-
Arris » Bgw320 » Version: N/A

cpe:2.3:h:arris:bgw320:-
Arris » Nvg443 » Version: N/A

cpe:2.3:h:arris:nvg443:-
Arris » Nvg510 » Version: N/A

cpe:2.3:h:arris:nvg510:-
Arris » Nvg589 » Version: N/A

cpe:2.3:h:arris:nvg589:-
Arris » Nvg599 » Version: N/A

cpe:2.3:h:arris:nvg599:-
Arris » Bgw210 Firmware » Version: N/A

cpe:2.3:o:arris:bgw210_firmware:-
Arris » Bgw320 Firmware » Version: N/A

cpe:2.3:o:arris:bgw320_firmware:-
Arris » Nvg443 Firmware » Version: N/A

cpe:2.3:o:arris:nvg443_firmware:-
Arris » Nvg510 Firmware » Version: N/A

cpe:2.3:o:arris:nvg510_firmware:-
Arris » Nvg589 Firmware » Version: N/A

cpe:2.3:o:arris:nvg589_firmware:-
Arris » Nvg599 Firmware » Version: N/A

cpe:2.3:o:arris:nvg599_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31793

Products

Pricing

Contact Us