VAR-202212-1498
Vulnerability from variot - Updated: 2025-09-08 23:14The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. nighthawk ax1800 firmware, nighthawk ax2400 firmware, nighthawk ax3000 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nighthawk ax2400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax1800",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax3000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax6000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax5400",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax11000",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "1.0.9.90"
},
{
"model": "nighthawk ax3000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk ax1800",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk ax11000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk ax6000",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk ax5400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk ax2400",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "nighthawk wifi6 router",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "1.0.9.90"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"cve": "CVE-2022-47208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2025-20502",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-47208",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-47208",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-47208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-47208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-47208",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-20502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3436",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The \u201cpuhttpsniff\u201d service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. nighthawk ax1800 firmware, nighthawk ax2400 firmware, nighthawk ax3000 For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-47208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "VULMON",
"id": "CVE-2022-47208"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-47208",
"trust": 3.9
},
{
"db": "TENABLE",
"id": "TRA-2022-37",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-20502",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-47208",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "VULMON",
"id": "CVE-2022-47208"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"id": "VAR-202212-1498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
}
]
},
"last_update_date": "2025-09-08T23:14:27.261000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for NETGEAR Nighthawk WiFi6 Router Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/726611"
},
{
"title": "NETGEAR Nighthawk Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=219184"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.tenable.com/security/research/tra-2022-37"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47208"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-47208/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "VULMON",
"id": "CVE-2022-47208"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"db": "VULMON",
"id": "CVE-2022-47208"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47208"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"date": "2023-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"date": "2022-12-16T20:15:08.860000",
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-09-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-20502"
},
{
"date": "2022-12-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-47208"
},
{
"date": "2022-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3436"
},
{
"date": "2023-11-30T04:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-023970"
},
{
"date": "2025-04-17T18:15:45.287000",
"db": "NVD",
"id": "CVE-2022-47208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "in multiple NETGEAR products. \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3436"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…