CVE-2022-31793

HIGH · EXPLOITED · NUCLEI

muhttpd < 1.1.7 - Path Traversal via Single-Character Prefix Bypass

Title source: llm

Exploitation Summary

CVE-2022-31793 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including xpgdgit. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits a path traversal vulnerability in Muhttpd web server (CVE-2022-31793) by sending a crafted HTTP GET request to read arbitrary files. It supports both single target and bulk testing via a list of IPs, with options for verification or custom file path reading.

Description

do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.

Exploits (1)

nomisec · WORKING POC · 1 star
by xpgdgit · poc
https://github.com/xpgdgit/CVE-2022-31793

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Muhttpd web server
No auth needed
Prerequisites: Network access to the target server · Muhttpd web server running on port 80
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

muhttpd <=1.1.5 - Local Inclusion
HIGH · VERIFIED · by scent2d

References (5)

Core References
Third Party Advisory (x_refsource_misc): http://inglorion.net/software/muhttpd/
Third Party Advisory, US Government Resource (x_refsource_misc): https://kb.cert.org/vuls/id/495801
Exploit, Third Party Advisory (x_refsource_misc): https://derekabdine.com/blog/2022-arris-advisory
Third Party Advisory, US Government Resource: https://www.kb.cert.org/vuls/id/495801

Scores

CVSS v3: 7.5
EPSS: 0.9382
EPSS Percentile: 99.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV: 2023-11-13
CWE: CWE-22
Status: published
Products (7):
arris/bgw210_firmware
arris/bgw320_firmware
arris/nvg443_firmware
arris/nvg510_firmware
arris/nvg589_firmware
arris/nvg599_firmware
inglorion/muhttpd < 1.1.7
Published: Aug 04, 2022
Tracked Since: Feb 18, 2026