ARRIS Routers Information Disclosure Vulnerability (Jun 2022) - Active Check CVE-2022-31793
- CVSSv3 Score
- Vulnerability description
Multiple ARRIS routers are prone to an information disclosure vulnerability in the underlying muhttpd web server.
- Risk description
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files.
Contact your vendor/ISP for a solution.
- Not available