CVE-2022-47208
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | NETGEAR Nighthawk WiFi6 Router | NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.