Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
AnalysisAI
Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.
Technical ContextAI
This vulnerability exploits inadequate input validation in the fgets() function implementation within two CGI binaries (firewall.cgi and makeRequest.cgi) on the WDR201A WiFi Extender. The binaries allocate a fixed 512-byte stack buffer but fail to properly validate the Content-Length header value in incoming HTTP POST requests. When Content-Length exceeds 512 bytes, continued reading overwrites adjacent stack memory including the saved return address. This is a classic CWE-121 (Stack-based Buffer Overflow) where the attacker controls sufficient stack data to redirect execution flow. The affected CPE (cpe:2.3:a:shenzhen_yipu_commercial_and_trading_co.,_ltd:wdr201a_wifi_extender) identifies this as a product from Shenzhen Yipu Commercial and Trading Co., Ltd. Exploitation leverages return-oriented programming (ROP) or return-to-libc techniques to bypass common exploit mitigations, requiring the attacker to craft precise payloads that chain existing executable code segments. The CGI interface processes HTTP requests from the network layer without authentication, exposing the vulnerable code path to remote attackers.
RemediationAI
No vendor-released patch identified at time of analysis - firmware LFMZX28040922V1.02 remains the latest known version with no confirmed security update. Contact Shenzhen Yipu Commercial and Trading Co. directly via Made-in-China marketplace (https://www.made-in-china.com/showroom/yeapook/) to request patched firmware addressing CVE-2026-41927. Immediate compensating controls: (1) Remove WDR201A devices from direct internet exposure by placing behind NAT/firewall - blocks AV:N exploitation but reduces extender functionality if remote management required; (2) Implement strict firewall rules permitting only trusted source IPs to access device management interface (typically TCP/80 or TCP/443) - reduces attack surface but requires static IP management; (3) Disable remote management features entirely if device can be administered only via local network - eliminates remote attack vector but prevents off-site administration; (4) Deploy network intrusion detection monitoring for HTTP POST requests with Content-Length values exceeding 512 bytes targeting CGI endpoints - provides detection but not prevention and generates false positives from legitimate large uploads. For enterprise deployments, consider replacing with alternative WiFi extender products from vendors with established vulnerability disclosure programs and regular security updates.
More in Wdr201A Wifi Extender
View allRemote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers
OS command injection in WDR201A WiFi Extender firmware v1.02 allows unauthenticated remote attackers to execute arbitrar
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated attackers to execute arbitrary
Remote unauthenticated command injection in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows attackers to execute arbitr
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated network attackers to execute a
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27127