Description
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
Published: 2026-05-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the functions formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() of the webs binary on Zyxel NWA1100‑N devices can be triggered by a crafted HTTP request. The overflow leads to a denial‑of‑service condition, compromising the availability of the entire device but not directly affecting confidentiality or integrity. The weakness is classified as CWE‑120, the classic buffer overflow (a buffer copy without checking the size of the input).

Affected Systems

Zyxel NWA1100‑N routers running customized firmware version 1.00(AACE.1)C0.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote HTTP request to the vulnerable endpoints; the device can be targeted from any network that can reach its web management interface. Without an available patch, the risk remains and may lead to repeated device restarts or degraded network service.

Generated by OpenCVE AI on May 12, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Block or restrict HTTP traffic to the NWA1100‑N from untrusted networks or segment management traffic on a dedicated VLAN.
  • If possible, disable remote HTTP web‑management or configure the interface to use HTTPS only to reduce exposure.
  • Check Zyxel’s support site for any firmware update that addresses the overflow and upgrade the device when available.

Advisories

No advisories yet.

History

Tue, 12 May 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 12 May 2026 06:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zyxel; Zyxel nwa1100-n Firmware |
| Vendors & Products | | Zyxel; Zyxel nwa1100-n Firmware |

Tue, 12 May 2026 06:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Buffer Overflow in Zyxel NWA1100‑N Web Administration Causes Denial of Service |

Tue, 12 May 2026 04:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device. |
| Weaknesses | | CWE-120 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: Zyxel

Published:

Updated: 2026-05-12T12:47:28.490Z

Reserved: 2026-04-28T09:40:36.000Z

Link: CVE-2026-7287

Vulnrichment

Updated: 2026-05-12T12:47:19.622Z

NVD

Status: Awaiting Analysis

Published: 2026-05-12T04:16:29.637

Modified: 2026-05-12T15:11:29.503

Link: CVE-2026-7287

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T06:45:09Z

Weaknesses