HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-40619

CVSS 7.7v3.1pub. 2026-01-28upd. 2026-03-09

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Netgear R6230

    HW
    Netgear
    wszystkie wersje
  • Netgear R6230 Firmware

    OS
    Netgear
    < 1.1.0.112
  • Netgear R6260

    HW
    Netgear
    wszystkie wersje
  • Netgear R6260 Firmware

    OS
    Netgear
    < 1.1.0.88
  • Netgear R7000

    HW
    Netgear
    wszystkie wersje
  • Netgear R7000 Firmware

    OS
    Netgear
    < 1.0.11.134
  • Netgear R8900

    HW
    Netgear
    wszystkie wersje
  • Netgear R8900 Firmware

    OS
    Netgear
    < 1.0.5.42
  • Netgear R9000

    HW
    Netgear
    wszystkie wersje
  • Netgear R9000 Firmware

    OS
    Netgear
    < 1.0.5.42
  • Netgear Rax120

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax120 Firmware

    OS
    Netgear
    < 1.2.8.40
  • Netgear Rax120v2

    HW
    Netgear
    wszystkie wersje
  • Netgear Rax120v2 Firmware

    OS
    Netgear
    < 1.2.8.40
  • Netgear Rbr20

    HW
    Netgear
    wszystkie wersje
  • Netgear Rbr20 Firmware

    OS
    Netgear
    < 2.7.2.26
  • Netgear Rbs20

    HW
    Netgear
    wszystkie wersje
  • Netgear Rbs20 Firmware

    OS
    Netgear
    < 2.7.2.26
  • Netgear Xr300

    HW
    Netgear
    wszystkie wersje
  • Netgear Xr300 Firmware

    OS
    Netgear
    < 1.0.3.72
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-36187CRITICAL9.8ten sam produkt

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attac...

CVE-2022-37235CRITICAL9.8ten sam produkt

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffe...

CVE-2021-45610CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 b...

CVE-2021-45527CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before ...

CVE-2021-45501CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 bef...