Multiple Netgear router models are vulnerable to arbitrary code execution via FunJSQ, a third-party module for online game acceleration, European security and compliance assessment company Onekey warns.
Integrated in various Netgear routers and Orbi WiFi systems, the gaming optimization module is developed by China-based Xiamen Xunwang Network Technology.
What Onekey has discovered is that the FunJSQ module has an insecure update process with only superficial checks of the update packages received from the server: packages are unsigned and are validated on the device using a hash checksum only.
