CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.tenable.com/security/research/tra-2022-37	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax1800:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax1800_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax2400:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax2400_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax3000:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax3000_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax5400:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax5400_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax6000:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax6000_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:netgear:nighthawk_ax11000:-:*:*:*:*:*:*:*

cpe:2.3:o:netgear:nighthawk_ax11000_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-12-16 20:15

Updated : 2023-08-08 14:21

NVD link : CVE-2022-47208

Mitre link : CVE-2022-47208

CVE.ORG link : CVE-2022-47208

JSON object : View

Products Affected

netgear

nighthawk_ax1800
nighthawk_ax11000_firmware
nighthawk_ax6000
nighthawk_ax1800_firmware
nighthawk_ax6000_firmware
nighthawk_ax5400_firmware
nighthawk_ax2400
nighthawk_ax5400
nighthawk_ax2400_firmware
nighthawk_ax11000
nighthawk_ax3000
nighthawk_ax3000_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2022-47208", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-12-16T20:15:08.860", "references": [{"url": "https://www.tenable.com/security/research/tra-2022-37", "tags": ["Vendor Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The \u201cpuhttpsniff\u201d service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication."}, {"lang": "es", "value": "El servicio ?puhttpsniff?, que se ejecuta de forma predeterminada, es susceptible a la inyecci\u00f3n de comandos debido a una entrada de usuario mal sanitizada. Un atacante no autenticado en el mismo segmento de red que el router puede ejecutar comandos arbitrarios en el dispositivo sin autenticaci\u00f3n."}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax1800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DE3A065-960D-4C5C-94BC-213136A7F346"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax1800_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B99D0FE-39ED-4211-9E9A-7D2E691E1BFC", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax2400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "268E1ED5-73FA-47D5-9E1E-7A7DDA6D2B67"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax2400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB05778B-B483-410D-B840-C3BBCABDDF21", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax3000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E72EBF68-B0C1-4870-A53D-3BA183337706"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax3000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75A82842-679A-4BE5-80DA-F765C9574CA9", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BE92943-95C9-4B04-AD1F-656BEB6ED20E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax5400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "361AFE8C-CAA7-49EB-8D3E-6E40340CB9FC", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax6000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18BDA466-4A39-4D20-A82A-FE3D2770F4FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax6000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F80E127F-1374-4781-B4D6-720F4F48D8D4", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:nighthawk_ax11000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8F7CDAB-F102-4B24-9561-592C36708F1D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netgear:nighthawk_ax11000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E19D5AB-C995-4155-8049-775BC8CF9051", "versionEndExcluding": "1.0.9.90"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}