CVE-2026-7287
Buffer Overflow in Zyxel NWA1100-N Firmware
Publication date: 2026-05-12
Last updated on: 2026-05-12
Assigner: Zyxel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zyxel | nwa1100-n | 1.00(aace.1)c0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in several functions (formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert()) of the "webs" binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0.
An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable device.
The result of this exploitation could be a denial-of-service (DoS) condition, meaning the device could become unavailable or stop functioning properly.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that an attacker can cause a denial-of-service (DoS) condition on the affected Zyxel NWA1100-N device.
This means the device could become unresponsive or stop working, potentially disrupting network connectivity or services relying on this device.