Arbitrary Command Execution Vulnerability in Telnet Console for a Network Device
CVE-2022-47210

7.8HIGH

Key Information:

Vendor: Netgear
Status: Netgear Nighthawk Wifi6 Router
Vendor: CVE Published:; 16 December 2022

Summary

The default telnet console on the affected network devices is limited to a specific set of commands. However, due to improper input handling, authenticated users can exploit this console to issue arbitrary commands directly to the system. This vulnerability presents a significant security risk, allowing attackers to potentially gain control over the device and its functions.

Affected Version(s)

NETGEAR Nighthawk WiFi6 Router NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90

References

https://www.tenable.com/security/research/tra-2022-37

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
Dec 12, 2022