TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2022-40620

HIGH
7.7

Beschreibung

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

CVE Details

CVSS v3.1 Bewertung7.7
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/28/2026
Zuletzt geandert3/9/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

netgear:r6230netgear:r6230_firmwarenetgear:r6260netgear:r6260_firmwarenetgear:r7000netgear:r7000_firmwarenetgear:r8900netgear:r8900_firmwarenetgear:r9000netgear:r9000_firmwarenetgear:rax120netgear:rax120_firmwarenetgear:rax120v2netgear:rax120v2_firmwarenetgear:rbr20netgear:rbr20_firmwarenetgear:rbs20netgear:rbs20_firmwarenetgear:xr300netgear:xr300_firmware

Schwachen (CWE)

CWE-295

Referenzen

https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117(cve@mitre.org)
https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.