CVE-2022-40620

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-40620
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117 Vendor Advisory
https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
History

09 Mar 2026, 14:41

Type Values Removed Values Added
Summary
  • (es) FunJSQ, un módulo de terceros integrado en algunos routers NETGEAR y sistemas WiFi Orbi, no valida correctamente los certificados TLS al descargar paquetes de actualización a través de su mecanismo de autoactualización. Un atacante (posicionado adecuadamente en la red) podría interceptar la solicitud de actualización y entregar un paquete de actualización malicioso para obtener ejecución de código arbitrario en los dispositivos afectados. Esto afecta a R6230 anterior a 1.1.0.112, R6260 anterior a 1.1.0.88, R7000 anterior a 1.0.11.134, R8900 anterior a 1.0.5.42, R9000 anterior a 1.0.5.42, y XR300 anterior a 1.0.3.72 y Orbi RBR20 anterior a 2.7.2.26, RBR50 anterior a 2.7.4.26, RBS20 anterior a 2.7.2.26, y RBS50 anterior a 2.7.4.26.
References () https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117 - () https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117 - Vendor Advisory
References () https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities - () https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities - Exploit, Third Party Advisory
CPE cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*
First Time Netgear r6230
Netgear r9000
Netgear r6260
Netgear rax120
Netgear rbs20 Firmware
Netgear r6230 Firmware
Netgear xr300 Firmware
Netgear
Netgear rbr20
Netgear r7000
Netgear rax120v2
Netgear r6260 Firmware
Netgear r8900
Netgear rbr20 Firmware
Netgear r7000 Firmware
Netgear rax120 Firmware
Netgear rax120v2 Firmware
Netgear r8900 Firmware
Netgear xr300
Netgear rbs20
Netgear r9000 Firmware

29 Jan 2026, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.7
CWE CWE-295

28 Jan 2026, 19:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-28 19:16

Updated : 2026-03-09 14:41

NVD link : CVE-2022-40620

Mitre link : CVE-2022-40620

CVE.ORG link : CVE-2022-40620

JSON object : View

Products Affected

netgear

  • rbs20_firmware
  • xr300_firmware
  • r8900_firmware
  • rbs20
  • r6230
  • r6260_firmware
  • r9000
  • r6260
  • r7000
  • rbr20
  • rax120
  • rax120v2_firmware
  • rbr20_firmware
  • r8900
  • rax120_firmware
  • r7000_firmware
  • r9000_firmware
  • xr300
  • rax120v2
  • r6230_firmware
CWE
CWE-295

Improper Certificate Validation