R7000 firmware

This hub aggregates every CVE we track for R7000 firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting R7000 firmware.

• CVE-2026-0417Insufficient input validation in certain NETGEAR routers4.5Jun 9, 2026
• CVE-2026-9210Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router4.5Jun 9, 2026
• CVE-2026-0410Insufficient input validation in certain NETGEAR routers4.5Jun 9, 2026
• CVE-2025-44650In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are conne...7.5Jul 21, 2025
• CVE-2024-35520Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.8.4Oct 14, 2024
• CVE-2021-34983NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability6.5May 7, 2024
• CVE-2021-34982NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability8.8May 7, 2024
• CVE-2024-1431Netgear R7000 Web Management Interface debuginfo.htm information disclosure4.3Feb 11, 2024
• CVE-2024-1430Netgear R7000 Web Management Interface currentsetting.htm information disclosure4.3Feb 11, 2024
• CVE-2023-36187Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.9.8Sep 1, 2023
• CVE-2022-27642This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this ...8.8Mar 29, 2023
• CVE-2022-27647This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit...8.0Mar 29, 2023
• CVE-2022-27646This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit...8.8Mar 29, 2023
• CVE-2022-27641This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this...8.8Mar 29, 2023
• CVE-2022-27643This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this...8.8Mar 29, 2023