{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ax2400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB84F680-27CE-4298-A80B-5144E8DE72A3", "versionEndExcluding": "1.0.9.90", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ax2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "F99D5663-D12C-4934-8872-093F742C2259", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network."}, {"lang": "es", "value": "Hay una mala configuraci\u00f3n de red en versiones anteriores a la 1.0.9.90 de la serie de routers NETGEAR RAX30 AX2400. IPv6 est\u00e1 habilitado para la interfaz WAN de forma predeterminada en estos dispositivos. Si bien existen restricciones de firewall que definen restricciones de acceso para el tr\u00e1fico IPv4, estas restricciones no parecen aplicarse a la interfaz WAN para IPv6. Esto permite el acceso arbitrario a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\u00e9s de IPv6, como los servidores SSH y Telnet generados en los puertos 22 y 23 de forma predeterminada. Esta configuraci\u00f3n incorrecta podr\u00eda permitir que un atacante interact\u00fae con servicios a los que solo pueden acceder los clientes en la red local."}], "id": "CVE-2022-4390", "lastModified": "2025-04-14T18:15:26.737", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-09T20:15:10.863", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html"}, {"source": "vulnreport@tenable.com", "url": "https://www.tenable.com/security/research/tra-2022-36%2C"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.tenable.com/security/research/tra-2022-36%2C"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}