Vulnerability

VU#495801: muhttpd versions 1.1.5 and earlier are vulnerable to path traversal on 04/08/2022 at 6:22 pm

October 17, 2022

Overview

Versions 1.1.5 and earlier of the mu HTTP deamon (muhttpd) are vulnerable to path traversal via crafted HTTP request from an unauthenticated user. This vulnerability can allow unauthenticated users to download arbitrary files and collect private information on the target device.

Description

The muhttpd, hosted at SourceForge as an opensource project, is a lightweight webserver. This software is commonly used in customer premise equipment (CPE), such as home routers and small office routers, to provide device management capability through a web interface. The muhttpd supports the use of CGI scripts that enable remote management of CPE devices.

A path traversal vulnerability in muhttpd (version 1.1.5 and earlier) could allow an unauthenticated attacker to read arbitrary content on the target device, including usernames and passwords, Wireless SSID configurations, ISP connection information, and private keys. If remote management is enabled on a device running vulnerable version of muhttpd, this attack is possible from a remote network. Even in cases with restricted Local Area Network access, a vulnerable version of muhttpd can be accessed using other attack methods such as DNS Rebinding.

Impact

An unauthenticated attacker can use crafted HTTP request to download arbitrary files or gather sensitive information from a vulnerable target device. In cases where remote management is enabled on a vulnerable device, a remote unauthenticated attacker can perform these attacks.

Solution

Apply Updates

Update to the latest version of firmware/software provided by your vendor; see Vendor Information section for details. Downstream developers of embedded systems should update muhttpd software (to version 1.1.7 or later) from SourceForget git repository.

Disable remote management

Disabling remote management access, which thereby limits access strictly to local area network, can minimize the exposure introduced by the vulnerable software. Use access control to limit remote management if remote management is desired from specific IP network locations. Additional mitigations are described in the security researcher’s advisory.

Acknowledgements

Thanks to Derek Abdine for reporting this vulnerability.

This document was written by Brad Runyon, Vijay Sarvepalli, and Eric Hatleback.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

 

References

https://derekabdine.com/blog/2022-arris-advisory

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks

https://www.cisa.gov/uscert/ncas/tips/ST15-002

Other Information

CVE IDs:CVE-2022-31793

Date Public:

2022-08-04
Date First Published:
2022-08-04
Date Last Updated:
2022-08-05 20:02 UTC
Document Revision:
2

About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement
Related Posts
Clear Filters
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
VULNERABILITIES
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm
Vulnerability
VU#782720: TCG TPM2.0 implementations vulnerable to memory corruption on 28/02/2023 at 5:37 pm

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level…

Read More
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
VULNERABILITIES
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm
Vulnerability
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations on 08/11/2022 at 5:02 pm

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an…

Read More
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required