CVE-2022-31793
Published: 04 August 2022
Summary
CVE-2022-31793 is a high-severity Path Traversal (CWE-22) vulnerability in Inglorion Muhttpd. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-31793 is a path traversal vulnerability in the do_request function within request.c of muhttpd versions prior to 1.1.7. The flaw stems from the server skipping the first character of a requested path when serving files, enabling unauthorized access. It affects Arris NVG443, NVG599, NVG589, and NVG510 devices along with Arris-derived BGW210 and BGW320 models, carrying a CVSS 3.1 score of 7.5 under CWE-22.
Remote unauthenticated attackers can exploit the issue over the network by crafting a URL that prepends a single character to a target filesystem path, resulting in disclosure of arbitrary files with no user interaction required.
Public references, including CERT VU#495801 and vendor analyses, point to upgrading muhttpd to version 1.1.7 or later as the primary remediation, with additional guidance available for affected Arris hardware.
The associated EPSS score stands at 0.9382, indicating substantial exploitation likelihood without evidence of a post-disclosure climb from a low baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-53184
Vulnerability details
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when…
more
serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.