Cyber Resilience

CVE-2022-40620

High · Public PoC

Published: 28 January 2026
Modified: 09 March 2026
KEV Added: not listed
Patch: vendor firmware updates available per model (see NETGEAR advisory PSV-2022-0117)
CVSS v3.1: 7.7 (High), vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 0.0011 (28.2nd percentile)
Risk Priority: 15 (weighting 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-40620 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in the FunJSQ third-party auto-update module shipped in NETGEAR RBR20 firmware and in several other NETGEAR router and Orbi models (listed below). Its CVSS v3.1 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002). EPSS ranks it at the 28.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

CVE-2022-40620 is a vulnerability in the FunJSQ third-party module, which is integrated into select NETGEAR routers and Orbi WiFi Systems. The module does not properly validate the TLS certificate of the update server when its auto-update mechanism downloads update packages, so the transport provides no assurance of who the device is actually talking to. Affected products include NETGEAR R6230 prior to firmware version 1.1.0.112, R6260 prior to 1.1.0.88, R7000 prior to 1.0.11.134, R8900 prior to 1.0.5.42, R9000 prior to 1.0.5.42, XR300 prior to 1.0.3.72, and Orbi RBR20 prior to 2.7.2.26, RBR50 prior to 2.7.4.26, RBS20 prior to 2.7.2.26, and RBS50 prior to 2.7.4.26.

An attacker who can intercept the device's traffic to the update server (an on-path position) can answer the update request with a malicious update package and achieve arbitrary code execution on the affected device. The CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L) reflects network-based exploitation with high attack complexity (the attacker must first obtain that on-path position and wait for, or trigger, an update check), requiring no privileges or user interaction, and resulting in high confidentiality and integrity impacts alongside low availability impact. The issue maps to CWE-295 (Improper Certificate Validation).

NETGEAR's security advisory PSV-2022-0117 details the FunJSQ vulnerabilities and associated firmware updates for mitigation on the listed models. Additional analysis is provided in OneKey's security advisory on the topic.


Vulnerability details

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

CWE(s)

CWE-295 Improper Certificate Validation

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1195.002 Compromise Software Supply Chain (tactic: Initial Access)
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

Improper TLS certificate validation in the auto-updater lets an on-path attacker substitute the update package in transit (a software supply chain compromise at delivery time), resulting in RCE on the device.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2022-40619 (same product: Netgear R6230)
CVE-2024-54806 (same vendor: Netgear)
CVE-2025-7407 (same vendor: Netgear)
CVE-2024-54802 (same vendor: Netgear)
CVE-2024-54804 (same vendor: Netgear)
CVE-2024-54807 (same vendor: Netgear)
CVE-2026-0404 (same vendor: Netgear)
CVE-2024-57046 (same vendor: Netgear)
CVE-2025-44658 (same vendor: Netgear)
CVE-2026-0407 (same vendor: Netgear)

Affected Assets

Vendor    Product            Affected firmware versions
netgear   rbr20 firmware     < 2.7.2.26 (fixed in 2.7.2.26)
netgear   r6230 firmware     < 1.1.0.112 (fixed in 1.1.0.112)
netgear   r6260 firmware     < 1.1.0.88 (fixed in 1.1.0.88)
netgear   r7000 firmware     < 1.0.11.134 (fixed in 1.0.11.134)
netgear   r8900 firmware     < 1.0.5.42 (fixed in 1.0.5.42)
netgear   r9000 firmware     < 1.0.5.42 (fixed in 1.0.5.42)
netgear   rax120 firmware    ≤ 1.2.8.40 (asset data only; model not named in the CVE description)
netgear   rax120v2 firmware  ≤ 1.2.8.40 (asset data only; model not named in the CVE description)
netgear   xr300 firmware     < 1.0.3.72 (fixed in 1.0.3.72)
netgear   rbs20 firmware     < 2.7.2.26 (fixed in 2.7.2.26)

Note on the bounds: the CVE description states each range as "before X", meaning X is the first unaffected release, so the correct operator for the models it names is "<" rather than "≤"; a device already running the listed version is not affected. RBR50 (< 2.7.4.26) and RBS50 (< 2.7.4.26) are named in the description but do not appear in the asset data above.
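To turn the table above into a check a practitioner can run against an inventory, here is an added example (not from this page or NETGEAR) that compares a device's running firmware against the first unaffected release per model. The fix versions are the ones in the CVE description; the assumption that NETGEAR reports versions as "V<a.b.c.d>_<build>" with a build suffix after the underscore is mine, as is the constructed sample inventory. The point it makes beyond the table is that dotted versions must be compared numerically, component by component; a plain string compare ranks "1.0.11.134" below "1.0.5.42".

```python
# Added example, not from the page or NETGEAR: is a running firmware version in
# the affected range for CVE-2022-40620? Fix versions come from the CVE text.
# Assumption: versions look like "V1.0.11.134_10.2.100"; the "_build" suffix
# is ignored for the comparison.

# First unaffected firmware per model ("before X" in the CVE description).
FIXED_IN = {
    "R6230": "1.1.0.112", "R6260": "1.1.0.88", "R7000": "1.0.11.134",
    "R8900": "1.0.5.42", "R9000": "1.0.5.42", "XR300": "1.0.3.72",
    "RBR20": "2.7.2.26", "RBR50": "2.7.4.26",
    "RBS20": "2.7.2.26", "RBS50": "2.7.4.26",
}


def parse_version(v: str) -> tuple:
    """'V1.0.11.130_10.2.100' -> (1, 0, 11, 130). Numeric tuples compare
    correctly; as strings, '1.0.11.134' < '1.0.5.42' would be True."""
    core = v.strip().lstrip("Vv").split("_", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_affected(model: str, running: str):
    """True/False for models in the CVE's list, None for anything else
    (e.g. RAX120, which the asset data lists but the CVE text does not)."""
    key = model.strip().upper()
    if key not in FIXED_IN:
        return None
    return parse_version(running) < parse_version(FIXED_IN[key])


def triage(inventory):
    """inventory: iterable of (hostname, model, version); returns the hostnames
    that still need the vendor firmware update."""
    return [host for host, model, ver in inventory if is_affected(model, ver)]


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    ("gw-01", "R7000", "V1.0.11.130_10.2.100"),   # below fix -> affected
    ("gw-02", "R7000", "V1.0.11.134_10.2.100"),   # at fix version -> clean
    ("orbi-router", "RBR20", "V2.7.2.20"),         # affected
    ("orbi-sat", "RBS20", "V2.7.2.26"),            # clean
    ("rax", "RAX120", "V1.2.8.36"),                # not in CVE list -> None
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Run it against an export from your network inventory in place of SAMPLE_INVENTORY; a None result means the model is outside the CVE's stated scope and should be checked against the vendor advisory rather than silently marked clean.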

Mitigating Controls (NIST 800-53 r5; AI-assisted mapping)

prevent · SC-17 Public Key Infrastructure Certificates
Requires establishing requirements for PKI certificates and validating them properly; this is the check the update client is missing, so the direct fix is to verify the update server's certificate chain and hostname before sending the request, which denies an on-path attacker the ability to impersonate the server during TLS-secured update downloads.

prevent · CM-14 Signed Components
Mandates that firmware components are digitally signed and their authenticity verified before installation, so a malicious update package delivered over a compromised TLS session is rejected even when the transport check has failed.

prevent
Enforces cryptographic integrity checks on firmware updates (a signed manifest or signed image verified on the device) to detect and block modified packages from intercepted downloads, independently of transport security.
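The vulnerability description and the three controls above describe the same pipeline from opposite sides: an update client that accepts any TLS certificate, and the transport-independent signature and integrity checks that would have stopped the substituted package anyway. The following added example (not NETGEAR's, FunJSQ's or this page's code) simulates that pipeline offline. It shows the weak TLS context beside the corrected one, then a vendor release with a signed manifest, an on-path attacker who swaps the image and re-hashes the manifest, and two clients: one that installs whatever arrived, one that verifies the vendor signature and the image hash first. Assumptions: a toy RSA-1024 signer with PKCS#1 v1.5-style hash encoding, generated at run time, stands in for the vendor's real release-signing scheme (it is for illustration, not for production use), and the "network" is a Python function so no server is needed; the firmware bytes and version string are constructed.

```python
# Added example, not NETGEAR's or FunJSQ's code: firmware auto-update client
# simulated offline. Assumptions: toy RSA-1024 signing generated at run time
# stands in for the vendor's real signing scheme; the "network" is a function.
import hashlib
import json
import random
import secrets
import ssl


# --- CWE-295: the TLS context used to fetch the update, weak vs. corrected ---
def update_tls_context(vulnerable: bool) -> ssl.SSLContext:
    ctx = ssl.create_default_context()      # CERT_REQUIRED + hostname check
    if vulnerable:
        ctx.check_hostname = False          # any cert for any name is accepted,
        ctx.verify_mode = ssl.CERT_NONE     # which is what lets an on-path MITM in
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# --- toy RSA, stand-in for vendor signing (illustration only) ---
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                 # Miller-Rabin
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024):
    e = 65537
    while True:
        p, q = _prime(bits // 2), _prime(bits // 2)
        if p != q and ((p - 1) * (q - 1)) % e:
            break
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)   # (public, private)


def _encode(msg: bytes, k: int) -> bytes:       # PKCS#1 v1.5-style EM
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_sign(priv, msg: bytes) -> bytes:
    d, n = priv
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(msg, k), "big"), d, n).to_bytes(k, "big")


def rsa_verify(pub, msg: bytes, sig: bytes) -> bool:
    e, n = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big") == _encode(msg, k)


# --- the update flow: vendor release, on-path tampering, two client behaviours ---
def build_release(vendor_priv, version: str, firmware: bytes) -> dict:
    manifest = json.dumps({"version": version,
                           "sha256": hashlib.sha256(firmware).hexdigest()},
                          sort_keys=True).encode()
    return {"firmware": firmware, "manifest": manifest,
            "signature": rsa_sign(vendor_priv, manifest)}


def mitm_tamper(release: dict, payload: bytes) -> dict:
    # With no certificate validation the attacker owns the channel: they swap
    # the image and re-hash the manifest, but cannot forge the vendor signature.
    manifest = json.loads(release["manifest"])
    manifest["sha256"] = hashlib.sha256(payload).hexdigest()
    return {"firmware": payload, "signature": release["signature"],
            "manifest": json.dumps(manifest, sort_keys=True).encode()}


def vulnerable_install(release: dict) -> bytes:
    return release["firmware"]              # transport was the only safeguard


def hardened_install(release: dict, vendor_pub):
    if not rsa_verify(vendor_pub, release["manifest"], release["signature"]):
        return None                         # CM-14: reject unsigned component
    expected = json.loads(release["manifest"])["sha256"]
    if hashlib.sha256(release["firmware"]).hexdigest() != expected:
        return None                         # image does not match signed manifest
    return release["firmware"]


def simulate() -> dict:
    vendor_pub, vendor_priv = rsa_keygen()
    genuine, payload = b"constructed genuine image", b"constructed attacker image"
    release = build_release(vendor_priv, "2.7.2.26", genuine)  # constructed
    tampered = mitm_tamper(release, payload)
    return {"vulnerable_installs": vulnerable_install(tampered),
            "hardened_installs_tampered": hardened_install(tampered, vendor_pub),
            "hardened_installs_genuine": hardened_install(release, vendor_pub)}
```

The two layers are deliberately independent: fixing the TLS context (SC-17) closes the interception path, while the signature and hash checks (CM-14 and the integrity control) make a substituted package fail to install even if some future transport weakness reappears. On a real device the vendor public key would be baked into the firmware image, not fetched alongside the update.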

References

NETGEAR Security Advisory PSV-2022-0117 (FunJSQ vulnerabilities and per-model firmware updates)
OneKey security advisory on the FunJSQ vulnerabilities