CVE-2022-47210

Summary

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.

Affected Software

VendorProductVersion RangeStatus
n/aNETGEAR Nighthawk WiFi6 RouterNETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References