What is the CVSS score of CVE-2026-7287?

CVE-2026-7287 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.3%.

Which versions of Zyxel NWA1100-N are affected by CVE-2026-7287?

CVE-2026-7287 affects Zyxel NWA1100-N access points, allowing unauthenticated remote attackers to crash devices through malformed HTTP requests, causing denial-of-service that could disrupt network…

Zyxel NWA1100-N CVE-2026-7287

EUVD-2026-29378 HIGH

Classic Buffer Overflow (CWE-120)

2026-05-12 Zyxel

GHSA-j38v-jpjg-hvr2

Buffer Overflow Zyxel

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 04:31 vuln.today

CVE Published

May 12, 2026 - 03:56 nvd

HIGH 7.5

DescriptionNVD

UNSUPPORTED WHEN ASSIGNED A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.

AnalysisAI

Remote unauthenticated attackers can crash Zyxel NWA1100-N access points running customized firmware version 1.00(AACE.1)C0 by sending malformed HTTP requests that trigger buffer overflows in five distinct web server functions (formWep, formWlAc, formPasswordSetup, formUpgradeCert, formDelcert). The vulnerability enables denial-of-service attacks with high CVSS 7.5 severity but is limited to an end-of-life product according to Zyxel's reference documentation. …

RemediationAI

24 hours: Identify all NWA1100-N devices running firmware 1.00(AACE.1)C0 in your environment through network scanning and asset inventory. 7 days: Isolate affected devices to restricted network segments or disable HTTP access via firewall rules; document business justification for any retained devices. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7287 vulnerability details – vuln.today

Back

Zyxel NWA1100-N CVE-2026-7287

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code