What is the CVSS score of CVE-2026-2017?

CVE-2026-2017 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of W30ap Firmware are affected by CVE-2026-2017?

A critical vulnerability (CVSS 9.8) affecting IP-COM W30AP wireless access points up to version 1.0.0.11(1340) enables unauthenticated remote attackers to compromise affected devices through the…

Is there a public PoC exploit available for CVE-2026-2017?

Yes, a public proof-of-concept exploit is available for CVE-2026-2017. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2026-2017?

Within 24 hours: Inventory all IP-COM W30AP devices in production and isolate any running vulnerable firmware versions from critical network segments; disable external access to the /goform/wx3auth endpoint via firewall rules. Within 7 days: Apply network segmentation to restrict access to affected access points to administrative networks only; implement continuous monitoring for exploitation attempts. Within 30 days: Contact IP-COM for patch availability and develop a firmware update deployment plan; evaluate replacement of devices if patches remain unavailable.

W30ap Firmware CVE-2026-2017

CRITICAL

Buffer Overflow (CWE-119)

2026-02-06 cna@vuldb.com

Buffer Overflow Stack Overflow W30ap Firmware

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 17, 2026 - 19:09 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 12:16 nvd

CRITICAL 9.8

DescriptionCVE.org

A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

IP-COM W30AP wireless access point up to firmware 1.0.0.11 has a buffer overflow that allows remote attackers to execute code or crash the device.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send crafted POST request to /goform/wx3auth

Exploit

Inject oversized data parameter

Execution

Overflow stack buffer in R7WebsSecurityHandler

Impact

Execute arbitrary code with device privileges

Access

Send crafted POST request to /goform/wx3auth

Exploit

Inject oversized data parameter

Execution

Overflow stack buffer in R7WebsSecurityHandler

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	IP-COM W30AP firmware version up to 1.0.0.11(1340) with /goform/wx3auth POST endpoint accessible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8 with PoC. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker sends crafted HTTP requests to the AP's CGI interface, triggering the overflow and gaining code execution to configure the AP as a rogue access point.
Remediation	Update firmware. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all IP-COM W30AP devices in production and isolate any running vulnerable firmware versions from critical network segments; disable external access to the /goform/wx3auth endpoint via firewall rules. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2017 vulnerability details – vuln.today

Back

W30ap Firmware CVE-2026-2017

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code