
FunJSQ, a third-party module integrated on some NETGEAR...

Unreviewed Published Jan 28, 2026 to the GitHub Advisory Database • Updated Jan 28, 2026

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server on the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. Affected routers are R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72. Affected Orbi devices are RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
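The "before X" thresholds above are only useful if versions are compared numerically per component, since a plain string comparison ranks 1.0.9.x above 1.0.11.134. The following is an added example, not part of the advisory or any NETGEAR tooling, that checks a device inventory against those thresholds; the `host,model,firmware` inventory format and the handling of a leading `V` and a `_build` suffix in firmware strings are assumptions.

```python
import re

# Fixed firmware versions, taken from the advisory text above.
FIXED = {
    "R6230": "1.1.0.112", "R6260": "1.1.0.88", "R7000": "1.0.11.134",
    "R8900": "1.0.5.42", "R9000": "1.0.5.42", "XR300": "1.0.3.72",
    "RBR20": "2.7.2.26", "RBR50": "2.7.4.26",
    "RBS20": "2.7.2.26", "RBS50": "2.7.4.26",
}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None.

    Assumption: firmware strings may carry a leading 'V' and a build suffix
    after '_' (e.g. 'V1.0.11.134_10.2.119'); only the dotted prefix is compared.
    """
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(model, firmware):
    """Classify a device: 'not-listed', 'unknown-version', 'affected' or 'fixed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # not named in this advisory; says nothing more
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"  # needs a manual check, do not assume fixed
    # Tuple comparison is numeric per component, so 1.0.9.x < 1.0.11.x.
    return "affected" if have < parse_version(fixed) else "fixed"

def audit(inventory_csv):
    """Return (host, model, firmware, status) for each 'host,model,firmware' line."""
    rows = []
    for line in inventory_csv.strip().splitlines():
        host, model, firmware = (f.strip() for f in line.split(",", 2))
        rows.append((host, model, firmware, assess(model, firmware)))
    return rows

# Constructed sample inventory (hosts and firmware strings are made up).
SAMPLE = """
gw-home,R7000,V1.0.9.88_10.2.88
gw-lab,R7000,V1.0.11.134_10.2.119
mesh-1,RBR50,2.7.3.22
gw-old,R6400,V1.0.1.52
gw-x,XR300,unknown
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```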

References

Published by the National Vulnerability Database Jan 28, 2026
Published to the GitHub Advisory Database Jan 28, 2026
Last updated Jan 28, 2026

Severity

Unknown

EPSS score

Weaknesses

No CWEs

CVE ID

CVE-2022-40619

GHSA ID

GHSA-5gwm-h32x-cppq

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
