Cyber Resilience

CVE-2026-2017

High · Public PoC

Published: 06 February 2026

Modified: 17 February 2026
CVSS Score v4: 8.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0433 (89.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-2017 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in IP-COM W30AP firmware. Its CVSS base score is 8.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-2017 is a stack-based buffer overflow vulnerability affecting the IP-COM W30AP wireless access point in versions up to 1.0.0.11(1340). The flaw exists in the R7WebsSecurityHandler function of the /goform/wx3auth file within the POST Request Handler component, where manipulation of the "data" argument triggers the overflow.

The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution. A public exploit is available for use.

Advisories and references, including Gitee repositories with vulnerability analysis and proof-of-concept code as well as VulDB entries, document the issue but note that the vendor was contacted early without any response. No patches or official mitigations are referenced.

The public availability of the exploit heightens the risk for affected devices.

Vulnerability details

A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in unauthenticated web POST handler (/goform/wx3auth) on a network device directly enables remote code execution against a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-4961 (shared CWE-119, CWE-121)
CVE-2026-5212 (shared CWE-119, CWE-121)
CVE-2026-5211 (shared CWE-119, CWE-121)
CVE-2026-5044 (shared CWE-119, CWE-121)
CVE-2025-9748 (shared CWE-119, CWE-121)
CVE-2026-4960 (shared CWE-119, CWE-121)
CVE-2026-4906 (shared CWE-119, CWE-121)
CVE-2026-5214 (shared CWE-119, CWE-121)
CVE-2026-4254 (shared CWE-119, CWE-121)
CVE-2025-14135 (shared CWE-119, CWE-121)

Affected Assets

ip-com
w30ap firmware
≤ 1.0.0.11(1340)

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly prevents stack-based buffer overflows by validating the manipulated 'data' argument in POST requests to the R7WebsSecurityHandler.

prevent

Mitigates exploitation of the stack-based buffer overflow through memory protections like stack canaries, address space layout randomization, and non-executable stacks.

prevent · recover

Addresses the vulnerability by requiring timely identification, reporting, and correction of the buffer overflow flaw via patches or firmware updates.
