The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2022-37 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
Information
Published : 2022-12-16 20:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-47208
Mitre link : CVE-2022-47208
CVE.ORG link : CVE-2022-47208
JSON object : View
Products Affected
netgear
- nighthawk_ax3000_firmware
- nighthawk_ax3000
- nighthawk_ax5400_firmware
- nighthawk_ax1800
- nighthawk_ax2400_firmware
- nighthawk_ax2400
- nighthawk_ax6000
- nighthawk_ax11000
- nighthawk_ax11000_firmware
- nighthawk_ax6000_firmware
- nighthawk_ax1800_firmware
- nighthawk_ax5400
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')