CVE-2026-24714
CVE-2026-24714
In short
Some older NETGEAR devices allow telnet service to be activated remotely by sending a special magic packet, giving attackers command-line access if telnet is enabled.
Technical detail
CWE-1242 (Insufficient Logging of Security Relevant Events) manifests as an undocumented TelnetEnable feature in end-of-service NETGEAR products that permits remote activation of telnet via crafted packets. An attacker with network access can trigger this functionality to gain unauthenticated shell access to the device without leaving audit trails.
Summary generated and translated by AI from the official description.
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
NETGEAR · NETGEAR productsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →