Vulnerability CVE-2022-31793 - Russian Vulnerability Scanner Database

Scores

EPSS

0.938high93.8%

0%20%40%60%80%100%

Percentile: 93.8%

CVSS

7.5high3.x

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x

7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Sources

nvd

CWEs

CWE-22

Exploits

Exploit ID: CVE-2022-31793

Source: github-poc

URL: https://github.com/xpgdgit/CVE-2022-31793

Vulnerable Software (7)

Type: Configuration

Vendor: *

Product: bgw210_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:bgw210_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:bgw210:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: bgw320_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:bgw320_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:bgw320_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:bgw320:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: muhttpd

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*",      "versionEndExcluding": "1.1.7",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: nvg443_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg443_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:nvg443:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: nvg510_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg510_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:nvg510:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: nvg589_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg589_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:nvg589:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

Type: Configuration

Vendor: *

Product: nvg599_firmware

Operating System: * * *

Trait:

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR" ...

{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:o:arris:nvg599_firmware:-:*:*:*:*:*:*:*",          "vulnerable": true        }      ],      "operator": "OR"    },    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:h:arris:nvg599:-:*:*:*:*:*:*:*"        }      ],      "operator": "OR"    }  ],  "operator": "AND"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2022-31793

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Exploits

Vulnerable Software (7)