HomePentest-Tools.com Logo

ARRIS Routers Information Disclosure Vulnerability (Jun 2022) - Active Check CVE-2022-31793

Severity
CVSSv3 Score
7.5
Vulnerability description

Multiple ARRIS routers are prone to an information disclosure vulnerability in the underlying muhttpd web server.

Risk description

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files.

Recommendation

Contact your vendor/ISP for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 4, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available