The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2022-37 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
27 Dec 2022, 20:03
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References | (MISC) https://www.tenable.com/security/research/tra-2022-37 - Vendor Advisory | |
First Time |
Netgear nighthawk Ax6000
Netgear nighthawk Ax2400 Firmware Netgear nighthawk Ax3000 Firmware Netgear nighthawk Ax6000 Firmware Netgear nighthawk Ax1800 Firmware Netgear nighthawk Ax11000 Netgear Netgear nighthawk Ax2400 Netgear nighthawk Ax1800 Netgear nighthawk Ax5400 Firmware Netgear nighthawk Ax5400 Netgear nighthawk Ax3000 Netgear nighthawk Ax11000 Firmware |
|
CPE | cpe:2.3:o:netgear:nighthawk_ax5400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax5400:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:nighthawk_ax1800_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:nighthawk_ax6000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax2400:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax11000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:nighthawk_ax2400_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax6000:-:*:*:*:*:*:*:* cpe:2.3:o:netgear:nighthawk_ax11000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:netgear:nighthawk_ax3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax1800:-:*:*:*:*:*:*:* cpe:2.3:h:netgear:nighthawk_ax3000:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
16 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-16 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-47208
Mitre link : CVE-2022-47208
CVE.ORG link : CVE-2022-47208
JSON object : View
Products Affected
netgear
- nighthawk_ax11000_firmware
- nighthawk_ax1800_firmware
- nighthawk_ax2400_firmware
- nighthawk_ax5400_firmware
- nighthawk_ax3000
- nighthawk_ax6000
- nighthawk_ax1800
- nighthawk_ax6000_firmware
- nighthawk_ax3000_firmware
- nighthawk_ax5400
- nighthawk_ax11000
- nighthawk_ax2400
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')