PT-2026-6719 · Ip Com · Ip-Com W30Ap
Guoxb
·
Published
2026-02-06
·
Updated
2026-02-11
·
CVE-2026-2017
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IP-COM W30AP versions up to 1.0.0.11(1340)
Description
A stack-based buffer overflow exists in the
R7WebsSecurityHandler function within the POST Request Handler component. This issue is triggered by manipulating the data argument sent to the /goform/wx3auth API endpoint. The vulnerability allows for remote exploitation. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond.Recommendations
Versions up to 1.0.0.11(1340) should be updated to a newer, secure version when available. As a temporary workaround, consider restricting access to the
/goform/wx3auth API endpoint.Exploit
Fix
RCE
Stack Overflow
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ip-Com W30Ap