Lucene search

[email protected]CVE-2022-47210

HistoryDec 16, 2022 - 8:15 p.m.

CVE-2022-47210

2022-12-1620:15:09

CWE-78

[email protected]

web.nvd.nist.gov

cve-2022-47210

telnet

authentication bypass

command execution

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.

Affected configurations

NVD

Node

netgearrax30_firmwareRange<1.0.9.90

AND

netgearrax30Match-

CPENameOperatorVersion
netgear:rax30_firmwarenetgear rax30 firmwarelt1.0.9.90

CPE	Name	Operator	Version
netgear:rax30_firmware	netgear rax30 firmware	lt	1.0.9.90

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "NETGEAR Nighthawk WiFi6 Router",
    "versions": [
      {
        "version": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90",
        "status": "affected"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2022-37

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-47210

nvd1 cvelist1 prion1