CVE-2022-40620
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-03-09
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgear | rbr20_firmware | to 2.7.2.26 (exc) |
| netgear | r6230_firmware | to 1.1.0.112 (exc) |
| netgear | r6260_firmware | to 1.1.0.88 (exc) |
| netgear | r7000_firmware | to 1.0.11.134 (exc) |
| netgear | r8900_firmware | to 1.0.5.42 (exc) |
| netgear | r9000_firmware | to 1.0.5.42 (exc) |
| netgear | rax120_firmware | to 1.2.8.40 (exc) |
| netgear | rax120v2_firmware | to 1.2.8.40 (exc) |
| netgear | xr300_firmware | to 1.0.3.72 (exc) |
| netgear | rbs20_firmware | to 2.7.2.26 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the FunJSQ module used in some NETGEAR routers and Orbi WiFi Systems. The module does not properly validate TLS certificates when downloading update packages via its auto-update mechanism. This flaw allows an attacker positioned on the network to intercept the update request and deliver a malicious update package, potentially leading to arbitrary code execution on the affected devices.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on affected NETGEAR routers or Orbi WiFi Systems. This could lead to unauthorized control over the device, potentially compromising network security, intercepting or manipulating network traffic, or disrupting network services.