JVN#46722282
Undocumented "TelnetEnable" functionality of End of Service NETGEAR products
Overview
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
Products Affected
NETGEAR PR2000 is reported to have "TelnetEnable" functionality.
According to the developer,
(1) PR2000 was not sold in Japan,
(2) all NETGEAR products currently supported (at the time of this writing) don't have "TelnetEnable" functionality,
(3) NETGEAR will not verify issues on obsolete (non-supported) products.
Description
Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
- Inclusion of Undocumented Features or Chicken Bits (CWE-1242)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 8.7
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
- CVE-2026-24714
Impact
Telnet service may be activated by a magic packet sent to the LAN interface of the affected product.
Solution
Stop using the products
Stop using the end of service products, including NETGEAR PR2000.
Vendor Status
| Vendor | Link |
| NETGEAR | NETGEAR End of Service |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported the issue on NETGEAR PR2000 to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-24714 |
| JVN iPedia |
JVNDB-2026-000018 |