Details of VAR-202212-1499

ID

VAR-202212-1499

CVE

CVE-2022-47209

TITLE

of netgear RAX30 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-023959

DESCRIPTION

A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. of netgear RAX30 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR Nighthawk WiFi 6 Router is a series of WiFi 6-enabled routers from NETGEAR, designed for users seeking a high-speed internet experience. The NETGEAR Nighthawk WiFi 6 Router has an authorization vulnerability caused by the presence of four default user accounts on the device. Detailed vulnerability details are not available at this time

Trust: 2.25

sources: NVD: CVE-2022-47209 // JVNDB: JVNDB-2022-023959 // CNVD: CNVD-2025-20501 // VULMON: CVE-2022-47209

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-20501

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.9.90	Trust: 1.0
vendor:	ネットギア	model:	rax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	eq	version:	rax30 firmware 1.0.9.90	Trust: 0.8
vendor:	netgear	model:	nighthawk wifi6 router	scope:	lt	version:	1.0.9.90	Trust: 0.6

sources: CNVD: CNVD-2025-20501 // JVNDB: JVNDB-2022-023959 // NVD: CVE-2022-47209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-47209
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-47209
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-47209
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-20501
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202212-3434
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-20501
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-47209
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-47209
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-20501 // CNNVD: CNNVD-202212-3434 // JVNDB: JVNDB-2022-023959 // NVD: CVE-2022-47209 // NVD: CVE-2022-47209

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023959 // NVD: CVE-2022-47209

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3434

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3434

PATCH

title:	Patch for NETGEAR Nighthawk WiFi6 Router Authorization Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/726606	Trust: 0.6
title:	NETGEAR Nighthawk WiFi6 Router Repair measures for trust management problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=219183	Trust: 0.6

sources: CNVD: CNVD-2025-20501 // CNNVD: CNNVD-202212-3434

EXTERNAL IDS

db:	NVD	id:	CVE-2022-47209	Trust: 3.9
db:	TENABLE	id:	TRA-2022-37	Trust: 2.5
db:	JVNDB	id:	JVNDB-2022-023959	Trust: 0.8
db:	CNVD	id:	CNVD-2025-20501	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3434	Trust: 0.6
db:	VULMON	id:	CVE-2022-47209	Trust: 0.1

sources: CNVD: CNVD-2025-20501 // VULMON: CVE-2022-47209 // CNNVD: CNNVD-202212-3434 // JVNDB: JVNDB-2022-023959 // NVD: CVE-2022-47209

REFERENCES

url:	https://www.tenable.com/security/research/tra-2022-37	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-47209	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-47209/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-20501 // VULMON: CVE-2022-47209 // CNNVD: CNNVD-202212-3434 // JVNDB: JVNDB-2022-023959 // NVD: CVE-2022-47209

SOURCES

db:	CNVD	id:	CNVD-2025-20501
db:	VULMON	id:	CVE-2022-47209
db:	CNNVD	id:	CNNVD-202212-3434
db:	JVNDB	id:	JVNDB-2022-023959
db:	NVD	id:	CVE-2022-47209

LAST UPDATE DATE

2025-09-08T23:14:27.291000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-20501	date:	2025-09-05T00:00:00
db:	VULMON	id:	CVE-2022-47209	date:	2022-12-16T00:00:00
db:	CNNVD	id:	CNNVD-202212-3434	date:	2022-12-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-023959	date:	2023-11-30T04:39:00
db:	NVD	id:	CVE-2022-47209	date:	2025-04-17T19:15:54.770

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-20501	date:	2025-09-02T00:00:00
db:	VULMON	id:	CVE-2022-47209	date:	2022-12-16T00:00:00
db:	CNNVD	id:	CNNVD-202212-3434	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023959	date:	2023-11-30T00:00:00
db:	NVD	id:	CVE-2022-47209	date:	2022-12-16T20:15:08.940