CVE-2026-7287

Zyxel · NWA1100-N

Multiple functions in the Zyxel NWA1100-N firmware contain a buffer overflow vulnerability, potentially allowing remote attackers to trigger a denial-of-service.

Executive summary

A buffer overflow vulnerability in the Zyxel NWA1100-N firmware poses a risk of remote denial-of-service, though the product is currently end-of-life.

Vulnerability

This is a classic buffer overflow (CWE-120) located in the "webs" binary, specifically within the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions. The vulnerability is remotely exploitable by an unauthenticated attacker.

Business impact

The CVSS score of 7.5 highlights a high risk to availability. Because the device is an infrastructure component, a successful crash or service interruption could disrupt network connectivity for all users reliant on the NWA1100-N access point.

Remediation

Immediate Action: Since this device is end-of-life, the only effective remediation is to replace the affected hardware with a currently supported model.

Proactive Monitoring: Monitor for unusual traffic patterns or unexpected device reboots that may indicate exploitation attempts.

Compensating Controls: Place the device behind a robust firewall and restrict management interface access to a dedicated, isolated management VLAN.

Exploitation status

Public Exploit Available: No (no confirmed public exploit in available data)

Analyst recommendation

Because Zyxel NWA1100-N is no longer receiving security support, remediation cannot rely on patching. Organizations still utilizing this hardware should plan for immediate decommissioning and replacement with supported equipment to eliminate this persistent security risk.