Skip to main content

WDR201A WiFi Extender EUVDEUVD-2026-27117

| CVE-2026-41922 CRITICAL
OS Command Injection (CWE-78)
2026-05-04 VulnCheck
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 04, 2026 - 22:15 vuln.today
CVSS changed
May 04, 2026 - 20:22 NVD
9.3 (CRITICAL)

DescriptionCVE.org

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can exploit unsanitized parameter handling in the set_wifi_basic and set_wifi_do_wps functions to achieve remote code execution without authentication.

AnalysisAI

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers to execute arbitrary shell commands via OS command injection in the wireless.cgi binary. Attackers exploit unsanitized sz11gChannel or PIN POST parameters in set_wifi_basic and set_wifi_do_wps functions to achieve root-level code execution without authentication. Publicly available exploit code exists. CVSS v4.0 score of 9.3 reflects the critical nature: network-accessible, no complexity, no authentication required, with high confidentiality, integrity, and availability impact. SSVC assessment confirms POC availability, full automatable exploitation, and total technical impact-making this a high-priority remediation target despite no confirmed active exploitation (not CISA KEV-listed).

Technical ContextAI

This is a classic OS command injection vulnerability (CWE-78) in embedded device firmware. The WDR201A WiFi Extender's wireless.cgi CGI binary handles Wi-Fi configuration through HTTP POST requests but fails to sanitize user-supplied input in the sz11gChannel (wireless channel parameter) and PIN (WPS PIN parameter) fields. When processing these parameters through set_wifi_basic and set_wifi_do_wps functions, the firmware likely passes unsanitized strings directly to system shell commands (exec, popen, system calls). CPE identifier confirms the affected product: Shenzhen Yipu Commercial and Trading Co., Ltd WDR201A WiFi Extender. The vulnerability exists in web management interface code typical of low-cost consumer IoT devices, where input validation is often minimal or absent. The wireless.cgi binary runs with elevated privileges (likely root) as is common in embedded device web servers, making successful injection immediately catastrophic.

RemediationAI

No vendor-released patch identified at time of analysis-Shenzhen Yipu Commercial and Trading Co. has not published firmware updates addressing CVE-2026-41922 per available references. Immediate compensating controls required: (1) Remove all WDR201A WiFi Extenders from network perimeter-disable UPnP port forwarding and ensure devices are NOT accessible from internet (verify via Shodan/external scan); side effect: manual port configuration required for services. (2) Implement strict network segmentation-place extenders on isolated VLAN with firewall rules blocking inbound access to TCP/HTTP management interface (typically port 80/443); side effect: requires VLAN-capable networking equipment and administrative access from jump host only. (3) Disable web management interface entirely if CLI/physical button configuration is sufficient for deployment; side effect: loss of remote management capability. (4) Deploy network intrusion detection signatures to detect exploitation attempts targeting wireless.cgi with shell metacharacters in POST bodies; side effect: requires IDS/IPS infrastructure and signature maintenance. (5) Ultimate recommendation: Replace devices with enterprise-grade WiFi extenders from vendors with established security response programs (Cisco, Ubiquiti, Aruba). Consult vendor contact at made-in-china.com showroom for patch availability, though consumer IoT vendors rarely backport fixes to older firmware. Monitor VulnCheck advisory page for updates.

Share

EUVD-2026-27117 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy