It has been discovered recently by the European security and compliance assessment company Onekey that arbitrary code may be injected into multiple Netgear router models through FunJSQ in a malicious manner.
In order to accelerate online games, Xiamen Xunwang Network Technology has developed a third-party module known as FunJSQ. In short, FunJSQ is a third-party gaming module.
Along with routers there are some Orbi WiFi Systems that are also affected. If your WiFi password is known to an attacker or your router’s Ethernet cable is connected to your computer, then this vulnerability is exploitable.
Here below we have mentioned the all the router models and WiFi systems that are affected. Not only that even we have also mention their respective fixed firmware versions as well:-
A first set of patches was issued by Netgear for the vulnerable devices this month after they were informed of the security holes in June.
The FunJSQ gaming module does not have a secure update process. Update packages that are sent from the server to the FunJSQ module are only superficially checked.
A hash checksum is used to validate the packages on the device as they are unsigned.
There are a number of actions that an attacker can take in order to exploit an insecure communication channel, such as:-
There is a potential for arbitrary code to be executed from the WAN interface as a result of these factors combined.
CVE-2022-40620 has been assigned to the issue relating to an insecure update mechanism introduced in the release. CVE-2022-40619 was the CVE ID number assigned to the flaw related to unauthenticated command injections.
It should be noted that Netgear has not yet divulged a workaround for this vulnerability. The latest firmware from NETGEAR should be downloaded as soon as possible, as NETGEAR strongly recommends you do so.
Download Free SWG – Secure Web Filtering – E-book
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term…
StealC, a notorious information stealer and malware downloader first sold in January 2023, has rolled…
Cybersecurity researchers at Bitdefender have identified a significant uptick in subscription-based scams, characterized by an…
SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering…
Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in…
North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a…