CVE-2022-47052

MEDIUM

Nighthawk R6220 AC1200 - CRLF Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-47052. PoCs published by dest-3.

AI-analyzed exploit summary This repository provides a detailed writeup of CVE-2022-47052, a CRLF injection vulnerability in the Nighthawk R6220 AC1200 Smart Wi-Fi Router. The vulnerability allows unauthenticated remote attackers to perform reflected XSS and HTML injection via crafted URLs, potentially leading to credential theft or administrative actions.

Description

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.

Exploits (1)

nomisec WRITEUP
by dest-3 · poc
https://github.com/dest-3/CVE-2022-47052

This repository provides a detailed writeup of CVE-2022-47052, a CRLF injection vulnerability in the Nighthawk R6220 AC1200 Smart Wi-Fi Router. The vulnerability allows unauthenticated remote attackers to perform reflected XSS and HTML injection via crafted URLs, potentially leading to credential theft or administrative actions.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: NETGEAR Nighthawk R6220 AC1200 Smart Wi-Fi Router (V1.1.0.112_1.0.1, V1.1.0.114_1.0.1)
No auth needed
Prerequisites: Network access to the router's web interface · Victim interaction to open a crafted URL
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0065
EPSS Percentile 46.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74
Status published
Products (2)
netgear/ac1200_r6220_firmware 1.1.0.112_1.0.1
netgear/ac1200_r6220_firmware 1.1.0.114_1.0.1
Published Jan 26, 2023
Tracked Since Feb 18, 2026