Details of VAR-202601-4765

ID

VAR-202601-4765

CVE

CVE-2022-40619

TITLE

of netgear R6230 Command injection vulnerabilities in multiple firmware and other products

Trust: 0.8

sources: JVNDB: JVNDB-2026-006516

DESCRIPTION

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26. R6230 (version 1.1.0.112 before), R6260 (( 1.1.0.88 before), R7000 (( 1.0.11.134 before), R8900 (( 1.0.5.42 before), R9000 (( 1.0.5.42 before), XR300 (( 1.0.3.72 before), and Orbi RBR20 (( 2.7.2.26 before), RBR50 (( 2.7.4.26 before), RBS20 (( 2.7.2.26 before), RBS50 (( 2.7.4.26 This affects all models (before ).All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, part of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2022-40619 // JVNDB: JVNDB-2026-006516

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr20	scope:	lt	version:	2.7.2.26	Trust: 1.0
vendor:	netgear	model:	r6260	scope:	lt	version:	1.1.0.88	Trust: 1.0
vendor:	netgear	model:	r6230	scope:	lt	version:	1.1.0.112	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lt	version:	1.0.5.42	Trust: 1.0
vendor:	netgear	model:	r7000	scope:	lt	version:	1.0.11.134	Trust: 1.0
vendor:	netgear	model:	rbs20	scope:	lt	version:	2.7.2.26	Trust: 1.0
vendor:	netgear	model:	xr300	scope:	lt	version:	1.0.3.72	Trust: 1.0
vendor:	netgear	model:	rax120	scope:	lt	version:	1.2.8.40	Trust: 1.0
vendor:	netgear	model:	rax120v2	scope:	lt	version:	1.2.8.40	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lt	version:	1.0.5.42	Trust: 1.0
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6260	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r6230	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r7000	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs20	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	xr300	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax120v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax120	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006516 // NVD: CVE-2022-40619

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-40619
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-006516
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-40619
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	5.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006516
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006516 // NVD: CVE-2022-40619

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006516 // NVD: CVE-2022-40619

PATCH

title:

Security Advisory for Vulnerabilities in FunJSQ on Some Routers and Orbi WiFi Systems, PSV-2022-0117 - NETGEAR Support

url:

https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2026-006516

EXTERNAL IDS

db:	NVD	id:	CVE-2022-40619	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006516	Trust: 0.8

sources: JVNDB: JVNDB-2026-006516 // NVD: CVE-2022-40619

REFERENCES

url:	https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities	Trust: 1.0
url:	https://kb.netgear.com/000065132/security-advisory-for-vulnerabilities-in-funjsq-on-some-routers-and-orbi-wifi-systems-psv-2022-0117	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-40619	Trust: 0.8

sources: JVNDB: JVNDB-2026-006516 // NVD: CVE-2022-40619

SOURCES

db:	JVNDB	id:	JVNDB-2026-006516
db:	NVD	id:	CVE-2022-40619

LAST UPDATE DATE

2026-03-12T23:44:22.055000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006516	date:	2026-03-11T06:57:00
db:	NVD	id:	CVE-2022-40619	date:	2026-03-09T14:43:22.340

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006516	date:	2026-03-11T00:00:00
db:	NVD	id:	CVE-2022-40619	date:	2026-01-28T19:16:18.893