CVE-2022-47208
HIGH
Netgear Nighthawk AX Series Firmware < 1.0.9.90 - Unauthenticated OS Command Injection via puhttpsniff Service
Title source: llm
Description
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device.
References (1)
Core References
Vendor Advisory
https://www.tenable.com/security/research/tra-2022-37
Scores
CVSS v3
8.8
EPSS
0.0114
EPSS Percentile
78.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (6)
netgear/nighthawk_ax11000_firmware
< 1.0.9.90
netgear/nighthawk_ax1800_firmware
< 1.0.9.90
netgear/nighthawk_ax2400_firmware
< 1.0.9.90
netgear/nighthawk_ax3000_firmware
< 1.0.9.90
netgear/nighthawk_ax5400_firmware
< 1.0.9.90
netgear/nighthawk_ax6000_firmware
< 1.0.9.90
Published
Dec 16, 2022
Tracked Since
Feb 18, 2026