CVE-2022-4390 (GCVE-0-2022-4390)

Vulnerability from cvelistv5 – Published: 2022-12-09 00:00 – Updated: 2025-04-14 18:11
VLAI?
Summary
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.
Severity ?
10 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
  • Security Misconfiguration
Assigner
References
Impacted products
Vendor Product Version
n/a NETGEAR Nighthawk RAX30 Affected: NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:41:44.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2022-36%2C"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-4390",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T15:50:32.586823Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T18:11:54.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NETGEAR Nighthawk RAX30",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Misconfiguration",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-09T00:00:00.000Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/research/tra-2022-36%2C"
        },
        {
          "url": "https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2022-4390",
    "datePublished": "2022-12-09T00:00:00.000Z",
    "dateReserved": "2022-12-09T00:00:00.000Z",
    "dateUpdated": "2025-04-14T18:11:54.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-4390",
      "date": "2026-04-25",
      "epss": "0.00431",
      "percentile": "0.62629"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:netgear:ax2400_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.9.90\", \"matchCriteriaId\": \"AB84F680-27CE-4298-A80B-5144E8DE72A3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netgear:ax2400:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F99D5663-D12C-4934-8872-093F742C2259\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.\"}, {\"lang\": \"es\", \"value\": \"Hay una mala configuraci\\u00f3n de red en versiones anteriores a la 1.0.9.90 de la serie de routers NETGEAR RAX30 AX2400. IPv6 est\\u00e1 habilitado para la interfaz WAN de forma predeterminada en estos dispositivos. Si bien existen restricciones de firewall que definen restricciones de acceso para el tr\\u00e1fico IPv4, estas restricciones no parecen aplicarse a la interfaz WAN para IPv6. Esto permite el acceso arbitrario a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\\u00e9s de IPv6, como los servidores SSH y Telnet generados en los puertos 22 y 23 de forma predeterminada. Esta configuraci\\u00f3n incorrecta podr\\u00eda permitir que un atacante interact\\u00fae con servicios a los que solo pueden acceder los clientes en la red local.\"}]",
      "id": "CVE-2022-4390",
      "lastModified": "2024-11-21T07:35:10.843",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
      "published": "2022-12-09T20:15:10.863",
      "references": "[{\"url\": \"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\", \"source\": \"vulnreport@tenable.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2022-36%2C\", \"source\": \"vulnreport@tenable.com\"}, {\"url\": \"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/research/tra-2022-36%2C\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vulnreport@tenable.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-4390\",\"sourceIdentifier\":\"vulnreport@tenable.com\",\"published\":\"2022-12-09T20:15:10.863\",\"lastModified\":\"2025-04-14T18:15:26.737\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.\"},{\"lang\":\"es\",\"value\":\"Hay una mala configuraci\u00f3n de red en versiones anteriores a la 1.0.9.90 de la serie de routers NETGEAR RAX30 AX2400. IPv6 est\u00e1 habilitado para la interfaz WAN de forma predeterminada en estos dispositivos. Si bien existen restricciones de firewall que definen restricciones de acceso para el tr\u00e1fico IPv4, estas restricciones no parecen aplicarse a la interfaz WAN para IPv6. Esto permite el acceso arbitrario a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\u00e9s de IPv6, como los servidores SSH y Telnet generados en los puertos 22 y 23 de forma predeterminada. Esta configuraci\u00f3n incorrecta podr\u00eda permitir que un atacante interact\u00fae con servicios a los que solo pueden acceder los clientes en la red local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:ax2400_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.9.90\",\"matchCriteriaId\":\"AB84F680-27CE-4298-A80B-5144E8DE72A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:ax2400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99D5663-D12C-4934-8872-093F742C2259\"}]}]}],\"references\":[{\"url\":\"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\",\"source\":\"vulnreport@tenable.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2022-36%2C\",\"source\":\"vulnreport@tenable.com\"},{\"url\":\"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/research/tra-2022-36%2C\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2022-36%2C\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:41:44.182Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4390\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-14T15:50:32.586823Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-14T15:51:56.130Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"NETGEAR Nighthawk RAX30\", \"versions\": [{\"status\": \"affected\", \"version\": \"NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90\"}]}], \"references\": [{\"url\": \"https://www.tenable.com/security/research/tra-2022-36%2C\"}, {\"url\": \"https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Security Misconfiguration\"}]}], \"providerMetadata\": {\"orgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"shortName\": \"tenable\", \"dateUpdated\": \"2022-12-09T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-4390\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T18:11:54.051Z\", \"dateReserved\": \"2022-12-09T00:00:00.000Z\", \"assignerOrgId\": \"5ac1ecc2-367a-4d16-a0b2-35d495ddd0be\", \"datePublished\": \"2022-12-09T00:00:00.000Z\", \"assignerShortName\": \"tenable\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.