Maybe they'll publish a security advisory about D6220 soon ["prior to version 1.0.0.44" etc]. Or they're just hiding things. There is a 400mb source of 1.0.0.40 and 1.0.0.44 but seeing the amount of vulnerabilities NetGear has had in the past two years it's perfectly plausible. In the end you can only really check the source to be sure though, but I think you have nothing to worry about. When ZyXEL wrote such a thing, they restricted BusyBox or supervisor account etc, nothing a rollback couldn't solve.