cvedb.io
CVE-2021-31802
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2021-04-26T13:15:07.787 · Last modified 2026-06-17T03:52:15.613

Summary

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.

Affected products

netgear — r7000_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when netgear ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.