Netgear routers impacted by game acceleration module flaw

SecurityWeek reports that various Netgear routers and Orbi WiFi systems are affected by a vulnerability in third-party online game acceleration module FunJSQ, which could be exploited to facilitate arbitrary code execution. Onekey researchers discovered that the absence of secure communication in the update process within the FunJSQ module could enable tampering of server-based data, as well as the extraction of package content to the root folder with elevated privileges. Attackers with update package control could then allow overwriting on devices, according to Onekey. The unauthenticated command injection and insecure update mechanism vulnerabilities have been tracked as CVE-2022-40619 and CVE-2022-40620, respectively, with Netgear already having issued the initial batch of fixes this month. "Netgear is aware of vulnerabilities in FunJSQ, a third-party module integrated on some routers and Orbi WiFi Systems. This vulnerability requires an attacker to have your WiFi password or an Ethernet connection to your router to be exploited," said Netgear, who urged immediate patching amid the absence of any workarounds.