Cyber Resilience

CVE-2024-23690

HighPublic PoCRCE

Published: 04 February 2025

Published
04 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0084 75.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23690 is a high-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SA-22 (Unsupported System Components).

Deeper analysis

CVE-2024-23690 is a command injection vulnerability (CWE-78) in the Telnet interface of the end-of-life Netgear FVS336Gv2 and FVS336Gv3 VPN firewalls. Published on 2025-02-04, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

An authenticated remote attacker can exploit the vulnerability by sending crafted "util backup_configuration" commands over Telnet, enabling execution of arbitrary OS commands as root. This requires high privileges (PR:H) but no user interaction, allowing full system compromise on affected devices.

The primary advisory is available at https://vulncheck.com/advisories/netgear-fvs336g-rce. As the devices are end-of-life, no vendor patches are referenced.

EU & UK References

Vulnerability details

The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection in public-facing Telnet service directly enables remote exploitation of the firewall (T1190) and arbitrary Unix shell command execution as root (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42454Shared CWE-78
CVE-2026-34796Shared CWE-78
CVE-2024-57016Shared CWE-78
CVE-2025-50475Shared CWE-78
CVE-2024-57015Shared CWE-78
CVE-2026-36828Shared CWE-78
CVE-2024-57595Shared CWE-78
CVE-2026-25196Shared CWE-78
CVE-2024-50566Shared CWE-78
CVE-2026-23592Shared CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of all system inputs, directly preventing command injection exploits in the Telnet backup_configuration command.

prevent

Prohibits unnecessary functions and protocols like Telnet, eliminating the vulnerable remote access interface.

prevent

Mandates removal or replacement of end-of-life unsupported components like the affected Netgear firewalls that receive no security patches.

References