CVE-2022-40620

EUVD-2022-43894

28.01.2026, 19:16

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.7 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
netgear	rbr20_firmware	𝑥 < 2.7.2.26
netgear	r6230_firmware	𝑥 < 1.1.0.112
netgear	r6260_firmware	𝑥 < 1.1.0.88
netgear	r7000_firmware	𝑥 < 1.0.11.134
netgear	r8900_firmware	𝑥 < 1.0.5.42
netgear	r9000_firmware	𝑥 < 1.0.5.42
netgear	rax120_firmware	𝑥 < 1.2.8.40
netgear	rax120v2_firmware	𝑥 < 1.2.8.40
netgear	xr300_firmware	𝑥 < 1.0.3.72
netgear	rbs20_firmware	𝑥 < 2.7.2.26

𝑥

= Vulnerable software versions

Known Exploits!

https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities

Common Weakness Enumeration

CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117

https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities