CVE-2026-2017
IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-121 CWE-119 |
| Vendor | ip-com |
| Product | w30ap |
| Published | Feb 6, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for ip-com w30ap
Be the first to know when new critical vulnerabilities affecting ip-com w30ap are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
IP-COM / W30AP
1.0.0.11(1340)
References
vuldb.com: https://vuldb.com/?id.344599 vuldb.com: https://vuldb.com/?ctiid.344599 vuldb.com: https://vuldb.com/?submit.744062 vuldb.com: https://vuldb.com/?submit.744063 gitee.com: https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md gitee.com: https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md#poc
Credits
๐ GuoXB (VulDB User)