CVE-2022-40620

Published Jan 28, 2026

Last updated 2 months ago

CVSS high 7.7

Netgear

Overview

Description: FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
Source: cve@mitre.org
NVD status: Analyzed
Products: rbr20_firmware, r6230_firmware, r6260_firmware, r7000_firmware, r8900_firmware, r9000_firmware, rax120_firmware, rax120v2_firmware, xr300_firmware, rbs20_firmware

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.7
Impact score: 5.5
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BA89FD9D-321A-4AC0-BA34-99E1E44E9F6E",
            "versionEndExcluding": "2.7.2.26",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbr20:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AE5DBD66-9C2A-4EFF-87AB-03E791D584B5",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6230_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "18AC4290-2157-47C6-822B-6D74AA1555D4",
            "versionEndExcluding": "1.1.0.112",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6230:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C91CADFA-59DB-4B6C-A914-848884F4A4BD",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r6260_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "035DDBDE-4099-4740-B029-968CFC8F8A9A",
            "versionEndExcluding": "1.1.0.88",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r6260:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C395D49-57F9-4BC1-8619-57127355B86B",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5376DD03-0DDD-4B0C-A185-EC226515B32A",
            "versionEndExcluding": "1.0.11.134",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "28E8F8CF-434B-4AA9-81B7-8814A6640DF5",
            "versionEndExcluding": "1.0.5.42",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r8900:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "0F859165-8D89-4CDD-9D48-9C7923D2261F",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB2F24D5-B4E8-4C06-B6EC-8FF579A18755",
            "versionEndExcluding": "1.0.5.42",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:r9000:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D74F1BFC-562E-4E7D-BBAB-2F8B593B5A57",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E9462FE4-2215-4247-9F28-B2AB72B68E32",
            "versionEndExcluding": "1.2.8.40",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax120:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "1742BD56-84E4-40E1-8C04-098B3715161E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rax120v2_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A31C1203-2E92-40BF-AC9A-1344E531ACA2",
            "versionEndExcluding": "1.2.8.40",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rax120v2:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "50D741E6-43F9-4BDC-B1A4-281AC73A7C19",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "004CA551-E868-447C-B853-3A13E5956C3B",
            "versionEndExcluding": "1.0.3.72",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:xr300:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "5590CF28-B88A-4755-904B-1BC1778FBEDD",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:netgear:rbs20_firmware:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DB4593AB-3CBD-4C18-AC19-0A7F60FB4AE4",
            "versionEndExcluding": "2.7.2.26",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:netgear:rbs20:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "14FC7F5B-7E4F-4A68-8427-D1F553EBE8CA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References