CVE-2022-47208
CVE-2022-47208 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Nighthawk Ax1800 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk Ax2400 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk Ax3000 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk Ax5400 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk Ax6000 Firmware | < 1.0.9.90 |
| Netgear | Nighthawk Ax11000 Firmware | < 1.0.9.90 |
References
- https://www.tenable.com/security/research/tra-2022-37 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
