CNNVD-202602-1016 Information

Feb 06, 2026 cve

CNNVD ID

CNNVD-202602-1016

CVE-2026-2017

CNNVD Published: 2026-02-06

Description (Chinese)

IP-COM W30AP是美国IP-COM公司的一个无线接入点设备。 IP-COM W30AP 1.0.0.11(1340)及之前版本存在安全漏洞，该漏洞源于对组件POST Request Handler中文件/goform/wx3auth内函数R7WebsSecurityHandler的参数data的错误操作，可能导致基于栈的缓冲区溢出。

Description (English)

IP-COM W30AP is a wireless access point equipment of the United States company IP-COM. The security gap in IP-COM W30AP 1.0.0.0.11 (1340) and earlier versions stems from the error of the parameter data of the R7WebsSecurityHandler internal function of the component POST Request Handler/goform/wx3auth, which could result in the spilling out of the fence-based buffer zone.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

IP-COM

Published

2026-02-06

Last Modified

2026-02-24

References

https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md#poc https://vuldb.com/?ctiid.344599 https://vuldb.com/?id.344599 https://vuldb.com/?submit.744062 https://vuldb.com/?submit.744063

Share on: