PT-2026-6719 · Ip Com · Ip-Com W30Ap

Guoxb

Publicado

2026-02-06

Atualizado

2026-02-11

CVE-2026-2017

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IP-COM W30AP versions up to 1.0.0.11(1340)

Description A stack-based buffer overflow exists in the R7WebsSecurityHandler function within the POST Request Handler component. This issue is triggered by manipulating the data argument sent to the /goform/wx3auth API endpoint. The vulnerability allows for remote exploitation. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond.

Recommendations Versions up to 1.0.0.11(1340) should be updated to a newer, secure version when available. As a temporary workaround, consider restricting access to the /goform/wx3auth API endpoint.

Exploit

Correção

RCE

Stack Overflow

Memory Corruption

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787CWE-119

Identificadores relacionados

CVE-2026-2017

Produtos afetados

Ip-Com W30Ap

PT-2026-6719 · Ip Com · Ip-Com W30Ap

CVE-2026-2017

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13