CVE-2022-4390

Exploit

EPSS 0.13%
Veröffentlicht 09.12.2022 20:15:10
Zuletzt bearbeitet 14.04.2025 18:15:26
Quelle vulnreport@tenable.com
Teams Watchlist Login
Unerledigt Login

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Ax2400 Firmware Version < 1.0.9.90

Netgear ≫ Ax2400 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.335

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html

Patch

Third Party Advisory

Exploit

https://www.tenable.com/security/research/tra-2022-36%2C

https://nvd.nist.gov/vuln/detail/CVE-2022-4390

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4390

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4390

EUVD