Wdr201A Wifi Extender
Monthly
Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.
Remote unauthenticated command injection in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows attackers to execute arbitrary OS commands with device privileges via five vulnerable firewall.cgi handlers without authentication. Injected commands persist in NVRAM and automatically re-execute on every subsequent firewall request, creating a self-sustaining backdoor. Public exploit code exists per VulnCheck, making this an immediate weaponization risk for exposed devices. CVSS 9.3 reflects network attack vector with no complexity or authentication barriers (AV:N/AC:L/PR:N), though real-world impact depends on whether management interfaces are internet-exposed.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated attackers to execute arbitrary OS commands via the adm.cgi binary's reboot_time parameter. The vulnerability stems from unsanitized input handling in the reboot scheduling function, exploitable by sending crafted POST requests with shell metacharacters when reboot_enabled=1. Public exploit code exists (CVSS 9.3, SSVC: automatable/total impact), making this a critical priority for affected deployments despite no confirmed CISA KEV listing at time of analysis.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated network attackers to execute arbitrary OS commands via the makeRequest.cgi binary. Exploitation requires no user interaction and has CVSS:4.0 score of 9.3. Publicly available exploit code exists (confirmed by VulnCheck and CISA SSVC framework), enabling automated attacks against exposed devices. SSVC designates this as automatable with total technical impact, representing immediate operational risk to internet-facing extenders.
OS command injection in WDR201A WiFi Extender firmware v1.02 allows unauthenticated remote attackers to execute arbitrary shell commands via the gateway parameter in internet.cgi. Exploitation requires no user interaction or authentication against internet-exposed devices. Public exploit code exists (VulnCheck advisory), demonstrating active security research interest. CVSS 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the device itself. No vendor patch identified at time of analysis for this discontinued consumer IoT product.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers to execute arbitrary shell commands via OS command injection in the wireless.cgi binary. Attackers exploit unsanitized sz11gChannel or PIN POST parameters in set_wifi_basic and set_wifi_do_wps functions to achieve root-level code execution without authentication. Publicly available exploit code exists. CVSS v4.0 score of 9.3 reflects the critical nature: network-accessible, no complexity, no authentication required, with high confidentiality, integrity, and availability impact. SSVC assessment confirms POC availability, full automatable exploitation, and total technical impact-making this a high-priority remediation target despite no confirmed active exploitation (not CISA KEV-listed).
Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.
Remote unauthenticated command injection in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows attackers to execute arbitrary OS commands with device privileges via five vulnerable firewall.cgi handlers without authentication. Injected commands persist in NVRAM and automatically re-execute on every subsequent firewall request, creating a self-sustaining backdoor. Public exploit code exists per VulnCheck, making this an immediate weaponization risk for exposed devices. CVSS 9.3 reflects network attack vector with no complexity or authentication barriers (AV:N/AC:L/PR:N), though real-world impact depends on whether management interfaces are internet-exposed.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated attackers to execute arbitrary OS commands via the adm.cgi binary's reboot_time parameter. The vulnerability stems from unsanitized input handling in the reboot scheduling function, exploitable by sending crafted POST requests with shell metacharacters when reboot_enabled=1. Public exploit code exists (CVSS 9.3, SSVC: automatable/total impact), making this a critical priority for affected deployments despite no confirmed CISA KEV listing at time of analysis.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated network attackers to execute arbitrary OS commands via the makeRequest.cgi binary. Exploitation requires no user interaction and has CVSS:4.0 score of 9.3. Publicly available exploit code exists (confirmed by VulnCheck and CISA SSVC framework), enabling automated attacks against exposed devices. SSVC designates this as automatable with total technical impact, representing immediate operational risk to internet-facing extenders.
OS command injection in WDR201A WiFi Extender firmware v1.02 allows unauthenticated remote attackers to execute arbitrary shell commands via the gateway parameter in internet.cgi. Exploitation requires no user interaction or authentication against internet-exposed devices. Public exploit code exists (VulnCheck advisory), demonstrating active security research interest. CVSS 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the device itself. No vendor patch identified at time of analysis for this discontinued consumer IoT product.
Remote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers to execute arbitrary shell commands via OS command injection in the wireless.cgi binary. Attackers exploit unsanitized sz11gChannel or PIN POST parameters in set_wifi_basic and set_wifi_do_wps functions to achieve root-level code execution without authentication. Publicly available exploit code exists. CVSS v4.0 score of 9.3 reflects the critical nature: network-accessible, no complexity, no authentication required, with high confidentiality, integrity, and availability impact. SSVC assessment confirms POC availability, full automatable exploitation, and total technical impact-making this a high-priority remediation target despite no confirmed active exploitation (not CISA KEV-listed).