How severe is CVE-2022-4390?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2022-4390?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2022-4390

CRITICAL Year: 2022

CVSS v3 Score

10.0

Critical

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network.

CVE-2015-7930

CRITICAL

CVSS:10.0(Critical)

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

NVD-CWE-Other2015

CVE-2016-1343

CRITICAL

CVSS:10.0(Critical)

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in con...

NVD-CWE-Other2016

CVE-2016-20010

CRITICAL

CVSS:10.0(Critical)

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.

NVD-CWE-Other2016

CVE-2016-4787

CRITICAL

CVSS:10.0(Critical)

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directo...

NVD-CWE-Other2016

CVE-2017-10137

CRITICAL

CVSS:10.0(Critical)

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability...

NVD-CWE-Other2017

CVE-2017-10151

CRITICAL

CVSS:10.0(Critical)

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exp...

NVD-CWE-Other2017

CVE-2022-4390

Vulnerability Description

Related Vulnerabilities

CVE-2015-7930

CVE-2016-1343

CVE-2016-20010

CVE-2016-4787

CVE-2017-10137

CVE-2017-10151