CVE-2026-24714
Unauthorized Telnet Activation via Magic Packet in NETGEAR Devices
Publication date: 2026-01-30
Last updated on: 2026-01-30
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgear | pr2000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1242 | The device includes chicken bits or undocumented features that can create entry points for unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the presence of the undocumented "TelnetEnable" functionality activation, which occurs when a specially crafted magic packet is sent to the LAN interface to activate the telnet service on the NETGEAR PR2000 device. Since the telnet service is normally disabled, detection can involve scanning the device for open telnet ports (typically port 23) after receiving such packets. Commands such as 'nmap -p 23 <device_ip>' can be used to check if the telnet port is open. Additionally, network traffic analysis tools can be used to detect unusual magic packets targeting the device. However, no specific detection commands or signatures are provided in the resources. The recommended mitigation is to discontinue use of the affected devices. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to remotely activate the telnet service on the affected device without any authentication. This can lead to unauthorized access and potentially compromise the device's integrity. Since telnet is an insecure protocol, this unauthorized access could be exploited to control the device or use it as a foothold within the network. [1]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to discontinue use of the affected end-of-service NETGEAR products, including the NETGEAR PR2000. Since NETGEAR has not issued patches or updates due to the productβs end-of-life status, continuing to use these devices poses a security risk. Consider replacing the device with a supported model that receives security updates. [1]
Can you explain this vulnerability to me?
This vulnerability involves an undocumented "TelnetEnable" feature in certain end-of-service NETGEAR products, specifically the NETGEAR PR2000. A specially crafted magic packet sent to the device's LAN interface can activate the telnet service without authentication. This allows an attacker to remotely enable telnet access on the device, which is not intended to be accessible. [1]