CVE-2022-47208

Summary

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.

Affected Software

VendorProductVersion RangeStatus
n/aNETGEAR Nighthawk WiFi6 RouterNETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References