What is CVE-2022-31793?

CVE-2022-31793 is a vulnerability in N/a. Published 2022-08-04.

Is CVE-2022-31793 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-31793

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first charac…

EPSS: 0.938 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

xpgdgit/CVE-2022-31793
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
DinoBytes/RVASec-2024-Consumer-Routers-Still-Suck
J1ezds/Vulnerability-Wiki-page
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
NaInSec/CVE-PoC-in-GitHub
SYRTI/POC_

References

inglorion.net/software/muhttpd/ (x_refsource_MISC)
kb.cert.org/vuls/id/495801 (x_refsource_MISC)
derekabdine.com/blog/2022-arris-advisory (x_refsource_MISC)
blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-ro… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31793?: CVE-2022-31793 is a vulnerability in N/a. Published 2022-08-04.
Is CVE-2022-31793 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.