Skip to main content

Wdr201A Wifi Extender

6 CVEs product

Monthly

CVE-2026-41927 HIGH POC This Week

Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.

Stack Overflow RCE Buffer Overflow Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2026-41926 CRITICAL POC Act Now

Remote unauthenticated command injection in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows attackers to execute arbitrary OS commands with device privileges via five vulnerable firewall.cgi handlers without authentication. Injected commands persist in NVRAM and automatically re-execute on every subsequent firewall request, creating a self-sustaining backdoor. Public exploit code exists per VulnCheck, making this an immediate weaponization risk for exposed devices. CVSS 9.3 reflects network attack vector with no complexity or authentication barriers (AV:N/AC:L/PR:N), though real-world impact depends on whether management interfaces are internet-exposed.

Command Injection Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-41925 CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated attackers to execute arbitrary OS commands via the adm.cgi binary's reboot_time parameter. The vulnerability stems from unsanitized input handling in the reboot scheduling function, exploitable by sending crafted POST requests with shell metacharacters when reboot_enabled=1. Public exploit code exists (CVSS 9.3, SSVC: automatable/total impact), making this a critical priority for affected deployments despite no confirmed CISA KEV listing at time of analysis.

Command Injection RCE Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-41924 CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated network attackers to execute arbitrary OS commands via the makeRequest.cgi binary. Exploitation requires no user interaction and has CVSS:4.0 score of 9.3. Publicly available exploit code exists (confirmed by VulnCheck and CISA SSVC framework), enabling automated attacks against exposed devices. SSVC designates this as automatable with total technical impact, representing immediate operational risk to internet-facing extenders.

Command Injection Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-41923 CRITICAL POC Act Now

OS command injection in WDR201A WiFi Extender firmware v1.02 allows unauthenticated remote attackers to execute arbitrary shell commands via the gateway parameter in internet.cgi. Exploitation requires no user interaction or authentication against internet-exposed devices. Public exploit code exists (VulnCheck advisory), demonstrating active security research interest. CVSS 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the device itself. No vendor patch identified at time of analysis for this discontinued consumer IoT product.

Command Injection Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-41922 CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers to execute arbitrary shell commands via OS command injection in the wireless.cgi binary. Attackers exploit unsanitized sz11gChannel or PIN POST parameters in set_wifi_basic and set_wifi_do_wps functions to achieve root-level code execution without authentication. Publicly available exploit code exists. CVSS v4.0 score of 9.3 reflects the critical nature: network-accessible, no complexity, no authentication required, with high confidentiality, integrity, and availability impact. SSVC assessment confirms POC availability, full automatable exploitation, and total technical impact-making this a high-priority remediation target despite no confirmed active exploitation (not CISA KEV-listed).

Command Injection RCE Wdr201A Wifi Extender
NVD VulDB
CVSS 4.0
9.3
EPSS
0.9%
EPSS 0% CVSS 8.3
HIGH POC This Week

Stack-based buffer overflow in WDR201A WiFi Extender firewall.cgi and makeRequest.cgi binaries enables remote unauthenticated attackers to execute arbitrary code through crafted POST requests with oversized Content-Length headers. The vulnerability affects hardware version 2.1 running firmware LFMZX28040922V1.02, with publicly available proof-of-concept exploit code documented via AI-assisted vulnerability research. CVSS 8.3 with high attack complexity indicates exploitation requires advanced technical skills, though the network vector and lack of authentication requirements make this a significant risk for exposed IoT devices.

Stack Overflow RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Remote unauthenticated command injection in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows attackers to execute arbitrary OS commands with device privileges via five vulnerable firewall.cgi handlers without authentication. Injected commands persist in NVRAM and automatically re-execute on every subsequent firewall request, creating a self-sustaining backdoor. Public exploit code exists per VulnCheck, making this an immediate weaponization risk for exposed devices. CVSS 9.3 reflects network attack vector with no complexity or authentication barriers (AV:N/AC:L/PR:N), though real-world impact depends on whether management interfaces are internet-exposed.

Command Injection Wdr201A Wifi Extender
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated attackers to execute arbitrary OS commands via the adm.cgi binary's reboot_time parameter. The vulnerability stems from unsanitized input handling in the reboot scheduling function, exploitable by sending crafted POST requests with shell metacharacters when reboot_enabled=1. Public exploit code exists (CVSS 9.3, SSVC: automatable/total impact), making this a critical priority for affected deployments despite no confirmed CISA KEV listing at time of analysis.

Command Injection RCE Wdr201A Wifi Extender
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW ≤1.02) allows unauthenticated network attackers to execute arbitrary OS commands via the makeRequest.cgi binary. Exploitation requires no user interaction and has CVSS:4.0 score of 9.3. Publicly available exploit code exists (confirmed by VulnCheck and CISA SSVC framework), enabling automated attacks against exposed devices. SSVC designates this as automatable with total technical impact, representing immediate operational risk to internet-facing extenders.

Command Injection Wdr201A Wifi Extender
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

OS command injection in WDR201A WiFi Extender firmware v1.02 allows unauthenticated remote attackers to execute arbitrary shell commands via the gateway parameter in internet.cgi. Exploitation requires no user interaction or authentication against internet-exposed devices. Public exploit code exists (VulnCheck advisory), demonstrating active security research interest. CVSS 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the device itself. No vendor patch identified at time of analysis for this discontinued consumer IoT product.

Command Injection Wdr201A Wifi Extender
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Remote code execution in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) allows unauthenticated network attackers to execute arbitrary shell commands via OS command injection in the wireless.cgi binary. Attackers exploit unsanitized sz11gChannel or PIN POST parameters in set_wifi_basic and set_wifi_do_wps functions to achieve root-level code execution without authentication. Publicly available exploit code exists. CVSS v4.0 score of 9.3 reflects the critical nature: network-accessible, no complexity, no authentication required, with high confidentiality, integrity, and availability impact. SSVC assessment confirms POC availability, full automatable exploitation, and total technical impact-making this a high-priority remediation target despite no confirmed active exploitation (not CISA KEV-listed).

Command Injection RCE Wdr201A Wifi Extender
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy