CVE-2026-2017 | IP-COM W30AP up to 1.0.0.11(1340) POST Request /goform/wx3auth R7WebsSecurityHandler data stack-based overflow

A vulnerability, which was classified as critical, was found in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow.

This vulnerability was named CVE-2026-2017. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2017 | IP-COM W30AP up to 1.0.0.11(1340) POST Request /goform/wx3auth R7WebsSecurityHandler data stack-based overflow

Post correlati

CVE-2024-10618 | Tongda OA 2017 up to 11.10 record_detail.php repid sql injection

CVE-2023-45173 | IBM AIX/VIOS NFS Kernel Extension denial of service

CVE-2024-3566 | Node.js up to 21.7.2 on Windows CreateProcess os command injection

CVE-2025-9570 | Sunnet eHRD CTMS path traversal