Cyber Resilience

CVE-2022-40619

High · Public PoC · RCE

Published: 28 January 2026
Modified: 09 March 2026
KEV Added: not listed
Patch: vendor firmware update (NETGEAR advisory PSV-2022-0117)
CVSS v3.1 score: 7.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS score: 0.0238 (85.3rd percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-40619 is a high-severity command injection vulnerability (CWE-77) in NETGEAR RBR20 firmware and other affected NETGEAR router and Orbi WiFi System models. Its CVSS v3.1 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.7% of CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-40619 is an unauthenticated arbitrary command injection vulnerability (CWE-77) in the FunJSQ third-party module, which is integrated into certain NETGEAR routers and Orbi WiFi Systems. The module exposes an HTTP server over the LAN interface of affected devices, allowing injection through the funjsq_access_token parameter. Vulnerable models include R6230 before firmware 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, XR300 before 1.0.3.72, and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L).

An attacker on the local network with access to the LAN interface can exploit this issue without authentication by sending crafted HTTP requests to the vulnerable FunJSQ HTTP server, injecting arbitrary commands via the funjsq_access_token parameter. Successful exploitation enables command execution on the device, potentially compromising confidentiality and integrity to a high degree, with low impact on availability.

NETGEAR's security advisory PSV-2022-0117 addresses vulnerabilities in FunJSQ on the affected routers and Orbi systems, recommending firmware updates to the versions that remediate the issue, such as 1.1.0.112 for R6230. Additional details are provided in advisories from NETGEAR (https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117) and OneKey (https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities).


Vulnerability details

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72, and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

CWE(s): CWE-77 (Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Unauthenticated command injection over HTTP directly enables exploitation of the exposed service (T1190) and arbitrary Unix shell command execution (T1059.004) on the router.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2024-54802 (same vendor: Netgear)
- CVE-2022-40620 (same product: Netgear R6230)
- CVE-2025-50526 (same vendor: Netgear)
- CVE-2024-12847 (same vendor: Netgear)
- CVE-2024-54804 (same vendor: Netgear)
- CVE-2024-54807 (same vendor: Netgear)
- CVE-2025-28219 (same vendor: Netgear)
- CVE-2024-54805 (same vendor: Netgear)
- CVE-2024-54803 (same vendor: Netgear)
- CVE-2024-54808 (same vendor: Netgear)

Affected Assets

Vendor | Product | Version
netgear | rbr20 firmware | ≤ 2.7.2.26
netgear | r6230 firmware | ≤ 1.1.0.112
netgear | r6260 firmware | ≤ 1.1.0.88
netgear | r7000 firmware | ≤ 1.0.11.134
netgear | r8900 firmware | ≤ 1.0.5.42
netgear | r9000 firmware | ≤ 1.0.5.42
netgear | rax120 firmware | ≤ 1.2.8.40
netgear | rax120v2 firmware | ≤ 1.2.8.40
netgear | xr300 firmware | ≤ 1.0.3.72
netgear | rbs20 firmware | ≤ 2.7.2.26

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent, SI-10 (Information Input Validation): Directly prevents command injection by validating inputs to the funjsq_access_token parameter in the FunJSQ HTTP server.
- prevent: Requires timely firmware updates to remediate the specific command injection flaw in the FunJSQ module as advised by NETGEAR.
- prevent, AC-14 (Permitted Actions Without Identification or Authentication): Limits or prohibits unauthenticated actions like command injection over the exposed LAN HTTP interface.
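As an added illustration of the SI-10 control above (this is example code written for this page, not NETGEAR or FunJSQ code), the block below applies a strict allowlist to funjsq_access_token values and runs that same check over constructed LAN access-log lines, so a defender can see both the validation a handler should perform and how to flag past requests that carried a malformed token. The token format, the request path and the log lines are assumptions; the page does not document FunJSQ's real token format.

```python
"""Allowlist validation of funjsq_access_token, applied to LAN access-log lines.

Example code for this page, not vendor code. The token pattern, the request
path and the log lines are constructed assumptions for illustration.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# SI-10 allowlist: the only shape a well-formed token is permitted to take.
# Assumption: FunJSQ's real token format is not documented on this page.
TOKEN_PATTERN = re.compile(r"[A-Za-z0-9_-]{8,128}")
PARAM = "funjsq_access_token"

# Common-log-format request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def is_valid_token(value: str) -> bool:
    """Accept only values matching the allowlist in full (no partial match)."""
    return TOKEN_PATTERN.fullmatch(value) is not None


def extract_tokens(request_target: str) -> list[str]:
    """Return every decoded funjsq_access_token value in a request target.

    parse_qs percent-decodes the query, so validation runs on the value the
    server would actually see rather than on its encoded form.
    """
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get(PARAM, [])


def audit_line(line: str) -> Optional[dict]:
    """Classify one access-log line.

    Returns None when the line carries no token; otherwise a record with the
    client address, the token(s) seen and those that failed the allowlist.
    """
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    tokens = extract_tokens(m.group("target"))
    if not tokens:
        return None
    rejected = [t for t in tokens if not is_valid_token(t)]
    return {"source": line.split(" ", 1)[0], "tokens": tokens, "rejected": rejected}


def flagged_entries(lines: list[str]) -> list[dict]:
    """Return only the records where at least one token failed validation."""
    flagged = []
    for line in lines:
        rec = audit_line(line)
        if rec and rec["rejected"]:
            flagged.append(rec)
    return flagged


# Constructed sample log lines (not captured from a real device); the
# /funjsq/api path is a placeholder.
SAMPLE_LOG = [
    '192.168.1.20 - - [01/Mar/2026:09:12:01 +0000] "GET /funjsq/api?funjsq_access_token=k7Hq2mZp9LwX HTTP/1.1" 200 318',
    '192.168.1.21 - - [01/Mar/2026:09:12:07 +0000] "GET /funjsq/api?funjsq_access_token=abc%3Becho%20hi HTTP/1.1" 200 318',
    '192.168.1.22 - - [01/Mar/2026:09:12:09 +0000] "GET /funjsq/api?funjsq_access_token= HTTP/1.1" 200 318',
    '192.168.1.23 - - [01/Mar/2026:09:12:15 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for rec in flagged_entries(SAMPLE_LOG):
        print(f"{rec['source']}: rejected token(s) {rec['rejected']!r}")
```

The handler-side use is the same `is_valid_token` call before the value is touched by anything else: a value that fails the allowlist is refused outright, which removes the need to reason about which characters a downstream command interpreter might treat specially. Running the audit over the constructed log flags the second line (decoded value contains a semicolon and a space) and the third (empty token); the first is well-formed and the fourth carries no token at all.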
