CVE-2022-47052

Опубликовано: 26 янв. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.

Ссылки

https://github.com/dest-3/NETGEAR/tree/main/CVE-2022-47052
Exploit
Third Party Advisory
https://github.com/dest-3/NETGEAR/tree/main/CVE-2022-47052
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:netgear:ac1200_r6220_firmware:1.1.0.112_1.0.1:*:*:*:*:*:*:*

cpe:2.3:o:netgear:ac1200_r6220_firmware:1.1.0.114_1.0.1:*:*:*:*:*:*:*

cpe:2.3:h:netgear:ac1200_r6220:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00422

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-74

Связанные уязвимости

GHSA-2347-hhxr-8hg9