CVE-2022-4390
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-12-09 CVE Reserved
- 2022-12-09 CVE Published
- 2024-07-01 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.tenable.com/security/research/tra-2022-36%2C | | |

URL | Date | SRC |
---|---|---|
https://www.synacktiv.com/en/publications/cool-vulns-dont-live-long-netgear-and-pwn2own.html | 2024-08-03 | |
Affected Vendors, Products, and Versions
 | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|
 | Netgear | Ax2400 Firmware | < 1.0.9.90 | - | Affected |
in | Netgear | Ax2400 | - | - | Safe |