Zyxel NWA1100-N Firmware DoS: CVE-2026-7287 Buffer Overflow

The National Vulnerability Database has disclosed CVE-2026-7287, a high-severity buffer overflow vulnerability impacting Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0. This flaw resides within multiple functions of the device’s “webs” binary, specifically formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert().

An unauthenticated attacker can trigger a Denial-of-Service (DoS) condition by sending a specially crafted HTTP request to a vulnerable device. This attack vector, rated with a CVSS score of 7.5 (HIGH), requires no privileges and no user interaction, making it a critical concern for exposed devices. The underlying issue is a CWE-120 buffer overflow.

While specific affected products beyond the firmware version are not detailed, any organization running Zyxel NWA1100-N with this firmware is directly at risk. The ease of exploitation and the potential for network disruption demand immediate attention. Attackers will leverage this for quick, low-effort network disruption.

What This Means For You

  • If your organization utilizes Zyxel NWA1100-N devices, you need to identify any running customized firmware version 1.00(AACE.1)C0. Prioritize patching or isolating these devices immediately to prevent unauthenticated DoS attacks via CVE-2026-7287. This isn't theoretical; it's a direct pathway to operational disruption.

🛡️ Detection Rules

Severity: high · ATT&CK: T1190 (Initial Access)

Zyxel NWA1100-N Firmware DoS via Buffer Overflow - CVE-2026-7287

Sigma YAML:
title: Zyxel NWA1100-N Firmware DoS via Buffer Overflow - CVE-2026-7287
id: scw-2026-05-12-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7287 by targeting the formWep function in the Zyxel NWA1100-N web management interface. This rule looks for POST requests to the cgi-bin/webcm endpoint with 'formWep' in the URI query, indicative of the buffer overflow vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7287/
tags:
  - attack.initial_access
  - attack.t1190
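logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains: '/cgi-bin/webcm'
    # Plain field match; Sigma has no 'exact' modifier
    cs-method: 'POST'
    cs-uri-query|contains: 'formWep'
  # condition sits under detection, not inside the selection map
  condition: selection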
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
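
The rule above matches only formWep, while the advisory names five handlers. The following is an added example, not part of the original page or its rule feed: it applies the same three conditions to all five names over constructed log lines and downgrades hits from a management subnet, since legitimate administration is the listed false positive. The log layout, `MGMT_NET` and the sample addresses are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Handler names the advisory lists for CVE-2026-7287.
HANDLERS = ("formWep", "formWlAc", "formPasswordSetup", "formUpgradeCert", "formDelcert")
ENDPOINT = "/cgi-bin/webcm"  # endpoint used by the Sigma rule on this page
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed admin subnet (constructed)
FIELDS = ("date", "time", "c_ip", "method", "uri")  # assumed proxy/sensor log layout

# Constructed sample lines, not captured traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri
2026-05-12 08:01:10 10.20.0.15 POST /cgi-bin/webcm?formWep
2026-05-12 08:02:44 198.51.100.7 POST /cgi-bin/webcm?formDelcert
2026-05-12 08:02:45 198.51.100.7 GET /cgi-bin/webcm?formWep
2026-05-12 08:03:02 198.51.100.7 POST /cgi-bin/webcm?FORMWLAC
truncated line
"""

def parse_line(line):
    """Return a field dict, or None for header and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def matched_handler(ev):
    """Rule conditions (POST + endpoint + handler in query), case-insensitive."""
    url = urlsplit(ev["uri"])
    if ev["method"].upper() != "POST" or ENDPOINT not in url.path.lower():
        return None
    return next((h for h in HANDLERS if h.lower() in url.query.lower()), None)

def in_mgmt(ip):
    """True only for a well-formed address inside the assumed admin subnet."""
    try:
        return ipaddress.ip_address(ip) in MGMT_NET
    except ValueError:
        return False

def triage(log_text):
    """Return (time, source, handler, severity) for each matching line."""
    alerts = []
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        handler = matched_handler(ev)
        if handler:
            severity = "review" if in_mgmt(ev["c_ip"]) else "high"
            alerts.append((ev["time"], ev["c_ip"], handler, severity))
    return alerts
```

Calling `triage(SAMPLE_LOG)` returns three alerts: the in-subnet formWep request as "review" and the two external POSTs as "high"; the GET, the header and the truncated line are skipped.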

Indicators of Compromise

ID | Type | Indicator
CVE-2026-7287 | Buffer Overflow | Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0
CVE-2026-7287 | DoS | webs binary functions: formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), formDelcert()
CVE-2026-7287 | DoS | Crafted HTTP request

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 12, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
