CVE-2026-2017
Published: 06 February 2026
Summary
CVE-2026-2017 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Ip-Com W30Ap Firmware. Its CVSS base score is 8.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 10.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-2017 is a stack-based buffer overflow vulnerability affecting the IP-COM W30AP wireless access point in versions up to 1.0.0.11(1340). The flaw exists in the R7WebsSecurityHandler function of the /goform/wx3auth file within the POST Request Handler component, where manipulation of the "data" argument triggers the overflow.
The vulnerability enables remote exploitation by unauthenticated attackers with low attack complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful attacks can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution. A public exploit is available for use.
Advisories and references, including Gitee repositories with vulnerability analysis and proof-of-concept code as well as VulDB entries, document the issue but note that the vendor was contacted early without any response. No patches or official mitigations are referenced.
The public availability of the exploit heightens the risk for affected devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5686
Vulnerability details
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in unauthenticated web POST handler (/goform/wx3auth) on a network device directly enables remote code execution against a public-facing application.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents stack-based buffer overflows by validating the manipulated 'data' argument in POST requests to the R7WebsSecurityHandler.
Mitigates exploitation of the stack-based buffer overflow through memory protections like stack canaries, address space layout randomization, and non-executable stacks.
Addresses the vulnerability by requiring timely identification, reporting, and correction of the buffer overflow flaw via patches or firmware updates.