{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24714", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-01-26T05:24:46.172Z", "datePublished": "2026-01-30T03:53:30.144Z", "dateUpdated": "2026-01-30T17:59:45.410Z"}, "containers": {"cna": {"affected": [{"vendor": "NETGEAR", "product": "NETGEAR products", "versions": [{"version": "versions which provide \"TelnetEnable\" functionality", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Some end of service NETGEAR products provide \"TelnetEnable\" functionality, which allows a magic packet to activate telnet service on the box."}], "problemTypes": [{"descriptions": [{"description": "Inclusion of undocumented features or chicken bits", "lang": "en-US", "cweId": "CWE-1242", "type": "CWE"}]}], "references": [{"url": "https://www.netgear.com/about/eos/"}, {"url": "https://jvn.jp/en/jp/JVN46722282/"}], "tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-30T03:53:30.144Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T17:59:24.138913Z", "id": "CVE-2026-24714", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T17:59:45.410Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T17:59:24.138913Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T17:59:36.107Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "NETGEAR", "product": "NETGEAR products", "versions": [{"status": "affected", "version": "versions which provide \"TelnetEnable\" functionality"}]}], "references": [{"url": "https://www.netgear.com/about/eos/"}, {"url": "https://jvn.jp/en/jp/JVN46722282/"}], "descriptions": [{"lang": "en", "value": "Some end of service NETGEAR products provide \"TelnetEnable\" functionality, which allows a magic packet to activate telnet service on the box."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1242", "description": "Inclusion of undocumented features or chicken bits"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-01-30T03:53:30.144Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24714", "state": "PUBLISHED", "dateUpdated": "2026-01-30T17:59:45.410Z", "dateReserved": "2026-01-26T05:24:46.172Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-01-30T03:53:30.144Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "vultures@jpcert.or.jp", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Some end of service NETGEAR products provide \"TelnetEnable\" functionality, which allows a magic packet to activate telnet service on the box."}, {"lang": "es", "value": "Algunos productos NETGEAR con fin de servicio proporcionan la funcionalidad 'TelnetEnable', lo que permite que un paquete m\u00e1gico active el servicio telnet en el dispositivo."}], "id": "CVE-2026-24714", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-01-30T05:16:33.093", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN46722282/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.netgear.com/about/eos/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1242"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:14:07.731683+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update or vendor patch if available", "Disable the telnet service through the device's configuration interface", "Block or filter the magic packet traffic on the network or firewall", "Consider replacing the end\u2011of\u2011life device with a supported model"], "summary": {"action": "Patch Immediately", "impact": "Unauthorized Telnet activation allowing privileged access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NETGEAR products that are no longer supported and lack end\u2011of\u2011life firmware updates. No specific versions are listed, so any currently in\u2011use end\u2011of\u2011life device may be vulnerable.", "description_and_impact": "Some end\u2011of\u2011service NETGEAR devices expose a TelnetEnable function that can be triggered by a specially crafted magic packet, turning on the telnet daemon without authentication. This deficiency enables an attacker who can send such a packet to obtain a shell on the device, potentially allowing arbitrary code execution. The flaw corresponds to CWE\u20111242, which describes unintended activation of a feature.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity defect, while the EPSS of less than 1% suggests a low probability of exploitation at present. The device is not listed in the CISA KEV catalog, so no exploits are known yet. The likely attack vector is network\u2011based: an attacker on the same network or with routing capabilities must deliver the magic packet. Once activated, telnet typically runs with elevated privileges, so successful exploitation could lead to full system compromise."}}}}, "created": "2026-01-30T08:42:18.219772+00:00", "title": "Unintended Telnet Activation via Magic Packet on End\u2011of\u2011Life NETGEAR Devices", "updated": "2026-04-18T01:15:05.996080+00:00", "vendors": ["netgear", "netgear$PRODUCT$eos_products"]}