Netgear FVS336Gv2 and FVS336Gv3 Telnet Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

A command injection vulnerability has been identified in the Telnet interface of the Netgear FVS336Gv2 and FVS336Gv3 routers, both of which are end-of-life products. This vulnerability allows authenticated, remote attackers to execute arbitrary operating system commands as root. The issue arises when crafted 'util backup_configuration' commands are sent via Telnet.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution with root privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netgear FVS336Gv2 and FVS336Gv3 Telnet Command Injection Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

Netgear FVS336Gv3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating