Network Misconfiguration in NETGEAR RAX30 AX2400 Series Routers
CVE-2022-4390
10 CRITICAL
Summary
Versions of the NETGEAR RAX30 AX2400 series routers prior to 1.0.9.90 exhibit a network misconfiguration where IPv6 is enabled by default on the WAN interface. While there are existing firewall restrictions for IPv4 traffic, these do not extend to IPv6 traffic, potentially exposing services such as SSH and Telnet to unauthorized access. This could allow remote attackers to interact with services that are typically restricted to local network clients, posing significant security risks.
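One way to audit a Linux-based gateway for this class of gap, as an added example that is not NETGEAR's code or part of the original advisory: compare an iptables-save dump with an ip6tables-save dump and list the ports filtered on the WAN over IPv4 that remain reachable over IPv6. The rule dumps, the WAN interface name eth0 and all function names are constructed for illustration.

```python
import re

# Constructed iptables-save / ip6tables-save excerpts, not dumps from a RAX30.
# The WAN interface name "eth0" is an assumption.
V4_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""
V6_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
"""
V6_FIXED = V6_DUMP.replace(":INPUT ACCEPT", ":INPUT DROP")  # default-deny variant

def _opt(tok, flag):
    """Value following `flag` in a tokenized rule, or None."""
    i = tok.index(flag) if flag in tok else -1
    return tok[i + 1] if 0 <= i < len(tok) - 1 else None

def verdicts(dump, wan_if):
    """Return (INPUT policy, {(proto, port): first matching target}) for wan_if."""
    # Simplification: only single-port rules are modelled; address, state and
    # multiport matches are ignored.
    m = re.search(r"^:INPUT (\w+)", dump, re.M)
    policy = m.group(1) if m else "ACCEPT"
    first = {}
    for line in dump.splitlines():
        tok = line.split()
        # A rule without -i applies to every interface, the WAN included.
        if tok[:2] != ["-A", "INPUT"] or _opt(tok, "-i") not in (wan_if, None):
            continue
        proto, port, target = _opt(tok, "-p"), _opt(tok, "--dport"), _opt(tok, "-j")
        if proto and port and port.isdigit() and target in ("ACCEPT", "DROP", "REJECT"):
            first.setdefault((proto, int(port)), target)  # first match wins
    return policy, first

def ipv6_gaps(v4_dump, v6_dump, wan_if="eth0"):
    """Ports filtered on the WAN over IPv4 but reachable over IPv6."""
    _, v4 = verdicts(v4_dump, wan_if)
    v6_policy, v6 = verdicts(v6_dump, wan_if)
    return sorted(key for key, target in v4.items()
                  if target != "ACCEPT" and v6.get(key, v6_policy) == "ACCEPT")

if __name__ == "__main__":
    for proto, port in ipv6_gaps(V4_DUMP, V6_DUMP):
        print(f"{proto}/{port}: filtered on IPv4 WAN, open on IPv6 WAN")
```

An empty result for the default-deny variant shows the parity the IPv6 ruleset needs; any port listed is one to close or to confirm as intentionally exposed.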
Affected Version(s)
NETGEAR Nighthawk RAX30 NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90
CVSS V3.1
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved