CVE-2022-40619

HIGH

7.7

Beschreibung

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

CVE Details

CVSS v3.1 Bewertung7.7

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht1/28/2026

Zuletzt geandert3/9/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

netgear:r6230netgear:r6230_firmwarenetgear:r6260netgear:r6260_firmwarenetgear:r7000netgear:r7000_firmwarenetgear:r8900netgear:r8900_firmwarenetgear:r9000netgear:r9000_firmwarenetgear:rax120netgear:rax120_firmwarenetgear:rax120v2netgear:rax120v2_firmwarenetgear:rbr20netgear:rbr20_firmwarenetgear:rbs20netgear:rbs20_firmwarenetgear:xr300netgear:xr300_firmware

Schwachen (CWE)

CWE-77

Referenzen

https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117(cve@mitre.org)

https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.