Primary

Context

Netgear R7000 and EAX80 Denial-of-Service Vulnerability via Misconfigured USERLIMIT_GLOBAL Option

Vulnerability

A denial-of-service vulnerability has been identified in the Netgear R7000 router and EAX80 extender, specifically in the firmware versions V1.3.1.64_10.1.36 and V1.0.1.70_1.0.2. The issue arises because the USERLIMIT_GLOBAL option in the bftpd.conf configuration file is set to 0, allowing unlimited users to connect. This misconfiguration can lead to denial-of-service attacks, as the server may become overwhelmed with connections, even though clients are disconnected after a short period.

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions, where the device becomes overwhelmed with connections, potentially causing legitimate users to be disconnected or unable to connect.

Added: Jul 21, 2025, 4:39 PM

Updated: Jul 21, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netgear R7000 and EAX80 Denial-of-Service Vulnerability via Misconfigured USERLIMIT_GLOBAL Option

Vulnerability

Impact

Affected Products

Netgear R7000

Netgear EAX80

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating