Router CVE Report Card
Security grades, trend indicators, and CVE counts by manufacturer. Click any non-zero count to see the CVEs. Last updated: Jun 8, 2026 3:40 PM CDT
A 90–100
B 70–89
C 60–69
D 50–59
F <50
NR Too New to Rate
↑ Getting Better shifts grade up (B → B+)
– Stable no change
↓ Getting Worse shifts grade down (A+ → A)
Popular
| Grade | Manufacturer | Trend | 30 Days | 12 Months | 24 Months | Total | |
|---|---|---|---|---|---|---|---|
| A+ | Peplink | – Stable | 0 | 0 | 0 | 18 | |
| A+ | Cradlepoint | – Stable | 0 | 0 | 0 | 2 | |
| A+ | Digi | ↑ Getting Better | 0 | 2 | 8 | 33 | |
| A+ | Teltonika | ↑ Getting Better | 1 | 1 | 3 | 30 | |
| A+ | Inseego | – Stable | 0 | 0 | 0 | 0 | |
| NR | Katalyst | – Too New | 0 | 0 | 0 | 0 | |
| A+ | Semtech | – Stable | 0 | 1 | 1 | 38 |
Others
| Grade | Manufacturer | Trend | 30 Days | 12 Months | 24 Months | Total | |
|---|---|---|---|---|---|---|---|
| A+ | ATEL | – Stable | 0 | 0 | 0 | 0 | |
| A+ | BEC | ↑ Getting Better | 0 | 0 | 4 | 5 | |
| A+ | eero | – Stable | 0 | 1 | 1 | 1 | |
| A+ | Robustel | – Stable | 0 | 0 | 0 | 26 | |
| A+ | Starlink | – Stable | 0 | 1 | 1 | 5 | |
| A- | Inhand | ↓ Getting Worse | 4 | 4 | 4 | 59 | |
| A- | SonicWall | ↑ Getting Better | 0 | 10 | 24 | 143 | |
| C- | Lantronix | ↓ Getting Worse | 0 | 9 | 10 | 40 | |
| F+ | ASUS | ↑ Getting Better | 3 | 42 | 73 | 341 | |
| F+ | Netgear | ↑ Getting Better | 0 | 32 | 138 | 1,332 | |
| F+ | Palo Alto Networks | ↑ Getting Better | 19 | 51 | 122 | 302 | |
| F+ | Zyxel | ↑ Getting Better | 7 | 24 | 59 | 305 | |
| F | Cisco | – Stable | 12 | 277 | 653 | 6,769 | |
| F- | Fortinet | ↓ Getting Worse | 11 | 151 | 267 | 685 | |
| F- | GL.iNet | ↓ Getting Worse | 8 | 23 | 39 | 73 | |
| F- | Linksys | ↓ Getting Worse | 0 | 75 | 123 | 256 | |
| F- | TP-Link | ↓ Getting Worse | 6 | 80 | 125 | 497 |
Open Source Firmware
| Grade | Manufacturer | Trend | 30 Days | 12 Months | 24 Months | Total | |
|---|---|---|---|---|---|---|---|
| B- | OpenWrt / DD-WRT | ↓ Getting Worse | 1 | 14 | 18 | 75 |
See all tracked routers · Grading Methodology
Data sourced from the NVD. Grades start at 100 and deduct points per CVE, weighted by severity and recency. EPSS exploit probability adjusts penalties (high EPSS increases, very low EPSS reduces). Trend compares severity-weighted CVE volume over the last 12 months vs. the previous 12 months.