![]() ![]() The most severe vulnerability allows unauthenticated path traversal from the root of the file system as the root user. These routers are typically loaned to ISP subscribers for telephony and Internet access. This web server is widely used in ISP customer premise equipment (CPE), most notably in Arris firmware used in router models (at least, possibly other) NVG443, NVG599, NVG589, NVG510, as well as ISP-customized variants such as BGW210 and BGW320 (Arris has declined to confirm affected models). Multiple vulnerabilities exist in the MIT-licensed muhttpd web server. NOTE: This issue has been patched and deployed by at least one ISP, whose BGW routers use a customized variant of Arris NVG firmware. ![]() Arris / Arris-variant DSL/Fiber router critical vulnerability exposure ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |