Description
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/netgear-fvs336g-rce
Scores
CVSS v3
7.2
EPSS
0.0084
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
Netgear/FVS336Gv2
< 4.3.3-6
Netgear/FVS336Gv3
< 4.3.5-3
Published
Feb 04, 2025
Tracked Since
Feb 18, 2026