Description

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Related CPE's

a

inglorion

muhttpd

Vulnerable

o

arris

nvg443_firmware

-

Vulnerable

h

arris

nvg443

-

o

arris

nvg599_firmware

-

Vulnerable

h

arris

nvg599

-

o

arris

nvg589_firmware

-

Vulnerable

h

arris

nvg589

-

o

arris

nvg510_firmware

-

Vulnerable

h

arris

nvg510

-

o

arris

bgw210_firmware

-

Vulnerable

h

arris

bgw210

-

o

arris

bgw320_firmware

-

Vulnerable

h

arris

bgw320

-

References

http://inglorion.net/software/muhttpd/

Third Party Advisory

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/

Third Party Advisory

https://derekabdine.com/blog/2022-arris-advisory

ExploitThird Party Advisory

https://kb.cert.org/vuls/id/495801

Third Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-08-04T22:15:08.017

2 years ago

Last modified

2022-08-11T18:07:01.703

2 years ago