Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.

Published

2022-12-16T20:15:08.860

Last Modified

2025-04-17T18:15:45.287

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-78
Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	netgear	nighthawk_ax1800_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax1800	-	No
Operating System	netgear	nighthawk_ax2400_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax2400	-	No
Operating System	netgear	nighthawk_ax3000_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax3000	-	No
Operating System	netgear	nighthawk_ax5400_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax5400	-	No
Operating System	netgear	nighthawk_ax6000_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax6000	-	No
Operating System	netgear	nighthawk_ax11000_firmware	< 1.0.9.90	Yes
Hardware	netgear	nighthawk_ax11000	-	No

References

https://www.tenable.com/security/research/tra-2022-37 Vendor Advisory ([email protected])
https://www.tenable.com/security/research/tra-2022-37 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)