ID

VAR-202212-1498


CVE

CVE-2022-47208


TITLE

OS command injection vulnerability in multiple NETGEAR products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023970

DESCRIPTION

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. An OS command injection vulnerability exists in multiple NETGEAR products, including Nighthawk AX1800 firmware, Nighthawk AX2400 firmware and Nighthawk AX3000 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience.

Trust: 2.25

sources: NVD: CVE-2022-47208 // JVNDB: JVNDB-2022-023970 // CNVD: CNVD-2025-20502 // VULMON: CVE-2022-47208

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20502

AFFECTED PRODUCTS

vendor: netgear, model: nighthawk ax2400, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: netgear, model: nighthawk ax1800, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: netgear, model: nighthawk ax3000, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: netgear, model: nighthawk ax6000, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: netgear, model: nighthawk ax5400, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: netgear, model: nighthawk ax11000, scope: lt, version: 1.0.9.90

Trust: 1.0

vendor: ネットギア, model: nighthawk ax3000, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: nighthawk ax1800, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: nighthawk ax11000, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: nighthawk ax6000, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: nighthawk ax5400, scope: -, version: -

Trust: 0.8

vendor: ネットギア, model: nighthawk ax2400, scope: -, version: -

Trust: 0.8

vendor: netgear, model: nighthawk wifi6 router, scope: lt, version: 1.0.9.90

Trust: 0.6

sources: CNVD: CNVD-2025-20502 // JVNDB: JVNDB-2022-023970 // NVD: CVE-2022-47208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-47208
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-47208
value: HIGH

Trust: 1.0

NVD: CVE-2022-47208
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20502
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202212-3436
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-20502
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-47208
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-47208
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20502 // CNNVD: CNNVD-202212-3436 // JVNDB: JVNDB-2022-023970 // NVD: CVE-2022-47208 // NVD: CVE-2022-47208

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023970 // NVD: CVE-2022-47208

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3436

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202212-3436

PATCH

title: Patch for NETGEAR Nighthawk WiFi6 Router Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/726611

Trust: 0.6

title: Fix for NETGEAR Nighthawk input validation error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=219184

Trust: 0.6

sources: CNVD: CNVD-2025-20502 // CNNVD: CNNVD-202212-3436

EXTERNAL IDS

db: NVD, id: CVE-2022-47208

Trust: 3.9

db: TENABLE, id: TRA-2022-37

Trust: 3.1

db: JVNDB, id: JVNDB-2022-023970

Trust: 0.8

db: CNVD, id: CNVD-2025-20502

Trust: 0.6

db: CNNVD, id: CNNVD-202212-3436

Trust: 0.6

db: VULMON, id: CVE-2022-47208

Trust: 0.1

sources: CNVD: CNVD-2025-20502 // VULMON: CVE-2022-47208 // CNNVD: CNNVD-202212-3436 // JVNDB: JVNDB-2022-023970 // NVD: CVE-2022-47208

REFERENCES

url: https://www.tenable.com/security/research/tra-2022-37

Trust: 3.1

url: https://nvd.nist.gov/vuln/detail/cve-2022-47208

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-47208/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-20502 // VULMON: CVE-2022-47208 // CNNVD: CNNVD-202212-3436 // JVNDB: JVNDB-2022-023970 // NVD: CVE-2022-47208

SOURCES

db: CNVD, id: CNVD-2025-20502
db: VULMON, id: CVE-2022-47208
db: CNNVD, id: CNNVD-202212-3436
db: JVNDB, id: JVNDB-2022-023970
db: NVD, id: CVE-2022-47208

LAST UPDATE DATE

2025-09-08T23:14:27.261000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20502, date: 2025-09-05T00:00:00
db: VULMON, id: CVE-2022-47208, date: 2022-12-16T00:00:00
db: CNNVD, id: CNNVD-202212-3436, date: 2022-12-28T00:00:00
db: JVNDB, id: JVNDB-2022-023970, date: 2023-11-30T04:46:00
db: NVD, id: CVE-2022-47208, date: 2025-04-17T18:15:45.287

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20502, date: 2025-09-02T00:00:00
db: VULMON, id: CVE-2022-47208, date: 2022-12-16T00:00:00
db: CNNVD, id: CNNVD-202212-3436, date: 2022-12-16T00:00:00
db: JVNDB, id: JVNDB-2022-023970, date: 2023-11-30T00:00:00
db: NVD, id: CVE-2022-47208, date: 2022-12-16T20:15:08.860