Details of VAR-202601-4145

ID

VAR-202601-4145

CVE

CVE-2026-24714

TITLE

Support has ended NETGEAR "Not described in the product manual TelnetEnable "function

Trust: 1.6

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018

DESCRIPTION

Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. LAN By processing specific packets received from the side interface, Telnet The service may be enabled. LAN By processing specific packets received from the side interface, Telnet The service may be enabled

Trust: 2.34

sources: NVD: CVE-2026-24714 // JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018

AFFECTED PRODUCTS

vendor:	ネットギア	model:	pr2000	scope:	eq	version:	(1) netgear pr2000 has never been sold in japan	Trust: 1.6
vendor:	ネットギア	model:	pr2000	scope:	eq	version:	(2) at the time of publication, support was provided for netgear the product has telnetenable feature is not implemented	Trust: 1.6
vendor:	ネットギア	model:	pr2000	scope:	eq	version:	that's what they say.	Trust: 1.6
vendor:	ネットギア	model:	pr2000	scope:	eq	version:	(3) for products that are no longer supported, we will not conduct impact assessments or other investigations.	Trust: 1.6
vendor:	ネットギア	model:	pr2000	scope:	eq	version:	-	Trust: 1.6
vendor:	ネットギア	model:	pr2000	scope:	eq	version:	pr2000 firmware to " telnetenable it was reported that the feature has been implemented.	Trust: 1.6

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018

CVSS

SEVERITY

CVSSV2

CVSSV3

vultures@jpcert.or.jp:	CVE-2026-24714
value:	HIGH
Trust: 1.0

vultures@jpcert.or.jp:	CVE-2026-24714
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: NVD: CVE-2026-24714

PROBLEMTYPE DATA

problemtype:	others (CWE-Other) [IPA evaluation ]	Trust: 1.6
problemtype:	CWE-1242	Trust: 1.0

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018 // NVD: CVE-2026-24714

PATCH

title:

NETGEAR End of Service

url:

https://www.netgear.com/about/eos/

Trust: 1.6

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018

EXTERNAL IDS

db:	JVN	id:	JVN46722282	Trust: 2.6
db:	NVD	id:	CVE-2026-24714	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-000018	Trust: 1.6

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018 // NVD: CVE-2026-24714

REFERENCES

url:	https://jvn.jp/jp/jvn46722282/index.html	Trust: 1.6
url:	https://www.netgear.com/about/eos/	Trust: 1.0
url:	https://jvn.jp/en/jp/jvn46722282/	Trust: 1.0

sources: JVNDB: JVNDB-2026-000018 // JVNDB: JVNDB-2026-000018 // NVD: CVE-2026-24714

SOURCES

db:	JVNDB	id:	JVNDB-2026-000018
db:	JVNDB	id:	JVNDB-2026-000018
db:	NVD	id:	CVE-2026-24714

LAST UPDATE DATE

2026-01-31T23:36:51.047000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-000018	date:	2026-01-30T03:20:00
db:	JVNDB	id:	JVNDB-2026-000018	date:	2026-01-30T03:20:00
db:	NVD	id:	CVE-2026-24714	date:	2026-01-30T05:16:33.093

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-000018	date:	2026-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2026-000018	date:	2026-01-30T00:00:00
db:	NVD	id:	CVE-2026-24714	date:	2026-01-30T05:16:33.093