{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7287/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-7287"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["NWA1100-N customized firmware"],"_cs_severities":["medium"],"_cs_tags":["dos","buffer overflow","cve-2026-7287"],"_cs_type":"advisory","_cs_vendors":["Zyxel"],"content_html":"\u003cp\u003eCVE-2026-7287 describes a buffer overflow vulnerability affecting Zyxel NWA1100-N devices running customized firmware version 1.00(AACE.1)C0. The vulnerability exists within the “webs” binary, specifically in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions. An attacker can exploit this flaw by sending a specially crafted HTTP request to the targeted device. Successful exploitation leads to a denial-of-service (DoS) condition, rendering the device unavailable. This vulnerability is classified as unsupported when assigned, indicating potential limitations in vendor support or remediation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Zyxel NWA1100-N device running firmware version 1.00(AACE.1)C0.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the \u0026ldquo;webs\u0026rdquo; binary.\u003c/li\u003e\n\u003cli\u003eThe HTTP request is designed to trigger a buffer overflow in one of the vulnerable functions: formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), or formDelcert().\u003c/li\u003e\n\u003cli\u003eThe device processes the crafted HTTP request.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function attempts to write data beyond the allocated buffer.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts memory, leading to a crash or unexpected behavior within the \u0026ldquo;webs\u0026rdquo; process.\u003c/li\u003e\n\u003cli\u003eThe \u0026ldquo;webs\u0026rdquo; process becomes unresponsive, causing a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7287 results in a denial-of-service (DoS) condition on the affected Zyxel NWA1100-N device. This means the device becomes unavailable to legitimate users, disrupting network connectivity and potentially impacting business operations. The NVD assigns this vulnerability a CVSS v3.1 base score of 7.5, indicating a high potential impact in terms of availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for unusual HTTP requests targeting the vulnerable functions (\u003ccode\u003eformWep\u003c/code\u003e, \u003ccode\u003eformWlAc\u003c/code\u003e, \u003ccode\u003eformPasswordSetup\u003c/code\u003e, \u003ccode\u003eformUpgradeCert\u003c/code\u003e, \u003ccode\u003eformDelcert\u003c/code\u003e) on Zyxel devices, using a rule similar to the example below.\u003c/li\u003e\n\u003cli\u003eConsult the Zyxel end-of-life page referenced for potential mitigation strategies or device replacement options.\u003c/li\u003e\n\u003cli\u003eSince this CVE is marked as \u0026ldquo;unsupported when assigned\u0026rdquo;, consider network segmentation to limit the impact of a successful exploit if device replacement or patching is not possible.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T04:18:29Z","date_published":"2026-05-12T04:18:29Z","id":"https://feed.craftedsignal.io/briefs/2026-05-zyxel-dos/","summary":"A buffer overflow vulnerability in Zyxel NWA1100-N firmware allows a remote attacker to cause a denial-of-service by sending a crafted HTTP request to the webs binary.","title":"CVE-2026-7287 - Zyxel NWA1100-N Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-zyxel-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7287","version":"https://jsonfeed.org/version/1.1"}