CVE-2022-47208
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
El servicio ?puhttpsniff?, que se ejecuta de forma predeterminada, es susceptible a la inyección de comandos debido a una entrada de usuario mal sanitizada. Un atacante no autenticado en el mismo segmento de red que el router puede ejecutar comandos arbitrarios en el dispositivo sin autenticación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-12 CVE Reserved
- 2022-12-16 CVE Published
- 2023-08-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.tenable.com/security/research/tra-2022-37 | 2023-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | Nighthawk Ax1800 Firmware Search vendor "Netgear" for product "Nighthawk Ax1800 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax1800 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax1800 Search vendor "Netgear" for product "Nighthawk Ax1800" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Nighthawk Ax2400 Firmware Search vendor "Netgear" for product "Nighthawk Ax2400 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax2400 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax2400 Search vendor "Netgear" for product "Nighthawk Ax2400" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Nighthawk Ax3000 Firmware Search vendor "Netgear" for product "Nighthawk Ax3000 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax3000 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax3000 Search vendor "Netgear" for product "Nighthawk Ax3000" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Nighthawk Ax5400 Firmware Search vendor "Netgear" for product "Nighthawk Ax5400 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax5400 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax5400 Search vendor "Netgear" for product "Nighthawk Ax5400" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Nighthawk Ax6000 Firmware Search vendor "Netgear" for product "Nighthawk Ax6000 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax6000 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax6000 Search vendor "Netgear" for product "Nighthawk Ax6000" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Nighthawk Ax11000 Firmware Search vendor "Netgear" for product "Nighthawk Ax11000 Firmware" | < 1.0.9.90 Search vendor "Netgear" for product "Nighthawk Ax11000 Firmware" and version " < 1.0.9.90" | - |
Affected
| in | Netgear Search vendor "Netgear" | Nighthawk Ax11000 Search vendor "Netgear" for product "Nighthawk Ax11000" | - | - |
Safe
|