CVE-2022-47208

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-47208
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.tenable.com/security/research/tra-2022-37 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax1800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax2400:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax5400:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax6000:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:nighthawk_ax11000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax11000:-:*:*:*:*:*:*:*
History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-20 CWE-78

27 Dec 2022, 20:03

Type Values Removed Values Added
CWE CWE-20
References (MISC) https://www.tenable.com/security/research/tra-2022-37 - (MISC) https://www.tenable.com/security/research/tra-2022-37 - Vendor Advisory
First Time Netgear nighthawk Ax6000
Netgear nighthawk Ax2400 Firmware
Netgear nighthawk Ax3000 Firmware
Netgear nighthawk Ax6000 Firmware
Netgear nighthawk Ax1800 Firmware
Netgear nighthawk Ax11000
Netgear
Netgear nighthawk Ax2400
Netgear nighthawk Ax1800
Netgear nighthawk Ax5400 Firmware
Netgear nighthawk Ax5400
Netgear nighthawk Ax3000
Netgear nighthawk Ax11000 Firmware
CPE cpe:2.3:o:netgear:nighthawk_ax5400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax5400:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:nighthawk_ax1800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:nighthawk_ax6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax2400:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax11000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:nighthawk_ax2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax6000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:nighthawk_ax11000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:nighthawk_ax3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax1800:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:nighthawk_ax3000:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

16 Dec 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-12-16 20:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-47208

Mitre link : CVE-2022-47208

CVE.ORG link : CVE-2022-47208

JSON object : View

Products Affected

netgear

  • nighthawk_ax11000_firmware
  • nighthawk_ax1800_firmware
  • nighthawk_ax2400_firmware
  • nighthawk_ax5400_firmware
  • nighthawk_ax3000
  • nighthawk_ax6000
  • nighthawk_ax1800
  • nighthawk_ax6000_firmware
  • nighthawk_ax3000_firmware
  • nighthawk_ax5400
  • nighthawk_ax11000
  • nighthawk_ax2400
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')