CVE-2026-24714
Unknown Unknown - Not Provided
Unauthorized Telnet Activation via Magic Packet in NETGEAR Devices

Publication date: 2026-01-30

Last updated on: 2026-01-30

Assigner: JPCERT/CC

Description
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-30
Last Modified
2026-01-30
Generated
2026-06-16
AI Q&A
2026-01-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24714
EUVD
EUVD-2026-5018
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netgear pr2000 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1242 The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can allow an attacker to remotely activate the telnet service on the affected device without any authentication. This can lead to unauthorized access and potentially compromise the device's integrity. Since telnet is an insecure protocol, this unauthorized access could be exploited to control the device or use it as a foothold within the network. [1]

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to discontinue use of the affected end-of-service NETGEAR products, including the NETGEAR PR2000. Since NETGEAR has not issued patches or updates due to the product’s end-of-life status, continuing to use these devices poses a security risk. Consider replacing the device with a supported model that receives security updates. [1]

Executive Summary

This vulnerability involves an undocumented "TelnetEnable" feature in certain end-of-service NETGEAR products, specifically the NETGEAR PR2000. A specially crafted magic packet sent to the device's LAN interface can activate the telnet service without authentication. This allows an attacker to remotely enable telnet access on the device, which is not intended to be accessible. [1]

Detection Guidance

This vulnerability can be detected by monitoring for the presence of the undocumented "TelnetEnable" functionality activation, which occurs when a specially crafted magic packet is sent to the LAN interface to activate the telnet service on the NETGEAR PR2000 device. Since the telnet service is normally disabled, detection can involve scanning the device for open telnet ports (typically port 23) after receiving such packets. Commands such as 'nmap -p 23 <device_ip>' can be used to check if the telnet port is open. Additionally, network traffic analysis tools can be used to detect unusual magic packets targeting the device. However, no specific detection commands or signatures are provided in the resources. The recommended mitigation is to discontinue use of the affected devices. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart