CVE-2024-23690
Published: 04 February 2025
Summary
CVE-2024-23690 is a high-severity OS Command Injection (CWE-78) vulnerability. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 24.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SA-22 (Unsupported System Components).
Deeper analysis
CVE-2024-23690 is a command injection vulnerability (CWE-78) in the Telnet interface of the end-of-life Netgear FVS336Gv2 and FVS336Gv3 VPN firewalls. Published on 2025-02-04, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An authenticated remote attacker can exploit the vulnerability by sending crafted "util backup_configuration" commands over Telnet, enabling execution of arbitrary OS commands as root. This requires high privileges (PR:H) but no user interaction, allowing full system compromise on affected devices.
The primary advisory is available at https://vulncheck.com/advisories/netgear-fvs336g-rce. As the devices are end-of-life, no vendor patches are referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21151
Vulnerability details
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the public-facing Telnet service directly enables remote exploitation of the firewall (T1190) and arbitrary Unix shell command execution as root (T1059.004).
Mitigating Controls (NIST 800-53 r5)
Requires validation of all system inputs, directly preventing command injection exploits in the Telnet backup_configuration command.
Prohibits unnecessary functions and protocols like Telnet, eliminating the vulnerable remote access interface.
Mandates removal or replacement of end-of-life unsupported components like the affected Netgear firewalls that receive no security patches.