Vulnerability Description
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Nighthawk AX1800 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX1800 | - |
| Netgear | Nighthawk AX2400 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX2400 | - |
| Netgear | Nighthawk AX3000 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX3000 | - |
| Netgear | Nighthawk AX5400 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX5400 | - |
| Netgear | Nighthawk AX6000 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX6000 | - |
| Netgear | Nighthawk AX11000 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk AX11000 | - |
Related Weaknesses (CWE)
References
- https://www.tenable.com/security/research/tra-2022-37 (Vendor Advisory)
FAQ
What is CVE-2022-47208?
CVE-2022-47208 is a vulnerability with a CVSS score of 8.8 (HIGH). The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can ...
How severe is CVE-2022-47208?
CVE-2022-47208 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-47208?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Nighthawk AX1800 Firmware, Netgear Nighthawk AX1800, Netgear Nighthawk AX2400 Firmware, Netgear Nighthawk AX2400, Netgear Nighthawk AX3000 Firmware.