What is the CVSS score of CVE-2022-40619?

CVE-2022-40619 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.8%.

Which versions of R6230 Firmware are affected by CVE-2022-40619?

NETGEAR routers and Orbi WiFi Systems containing the FunJSQ module are vulnerable to unauthenticated remote code execution via LAN access, allowing attackers to fully compromise affected devices…

Is there a public PoC exploit available for CVE-2022-40619?

Yes, a public proof-of-concept exploit is available for CVE-2022-40619. Prioritise patching immediately. EPSS: 0.8%.

How to fix or mitigate CVE-2022-40619?

Within 24 hours: Identify and inventory all affected NETGEAR/Orbi devices in your environment and assess their network exposure. Within 7 days: Implement network segmentation to restrict LAN access to trusted devices only, disable the FunJSQ module if possible through device settings, and apply firewall rules to block unauthorized access to the HTTP interface. Within 30 days: Plan device replacement or firmware updates once patches become available, conduct forensic review of device logs for signs of compromise, and evaluate alternative WiFi solutions to mitigate future risk.

R6230 Firmware CVE-2022-40619

HIGH

Command Injection (CWE-77)

2026-01-28 cve@mitre.org

Command Injection Netgear R6230 Firmware R6260 Firmware R7000 Firmware R8900 Firmware R9000 Firmware Rax120 Firmware Rax120v2 Firmware Rbr20 Firmware Rbs20 Firmware Xr300 Firmware

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Mar 09, 2026 - 14:43 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 19:16 nvd

HIGH 7.7

DescriptionNVD

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.

AnalysisAI

Technical ContextAI

Classified as CWE-77 (Command Injection). Affects the funjsq_access_token component of Rbr20 Firmware. FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2022-40619 vulnerability details – vuln.today

Back

R6230 Firmware CVE-2022-40619

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code