Description
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsanitized parameter concatenation in the set_add_routing function to inject shell commands that are executed via popen() with partial output reflected in the HTTP response.
Published: 2026-05-04
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 has an OS command injection in internet.cgi that lets unauthenticated remote attackers supply a malicious gateway POST value, which the set_add_routing function concatenates unsafely and passes to popen(). The result is arbitrary shell commands executed with the privileges of the webserver process, enabling full compromise of the device. The vulnerability provides complete code‑execution capability, allowing attackers to install malware, hijack traffic, or pivot to other network assets.

Affected Systems

Affected vendors and products include Shenzhen Yipu Commercial and Trading Co., Ltd’s WDR201A WiFi Extender model. The specific vulnerability applies to hardware version V2.1 running firmware LFMZX28040922V1.02. No other versions are listed as affected in the available data.

Risk and Exploitability

The CVSS score of 9.3 classifies this flaw as critical, indicating high exploitation likelihood and impact. While the EPSS score is not available, the absence of a KEV listing does not reduce the risk because the flaw allows unauthenticated remote command injection. The likely attack vector is a crafted HTTP POST request to internet.cgi over the public-facing interface, implying that any device exposed to the internet is vulnerable unless mitigated.

Generated by OpenCVE AI on May 4, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release from Shenzhen Yipu that addresses the OS command injection vulnerability.
  • Restrict external access to the internet.cgi endpoint by configuring firewall rules or disabling the interface if not needed.
  • Implement network segmentation so that the WiFi extender is isolated from critical assets and monitor its logs for anomalous command execution attempts.

Generated by OpenCVE AI on May 4, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Shenzhen Yuner Yipu
Shenzhen Yuner Yipu wifi Extender Wdr201a
Vendors & Products Shenzhen Yuner Yipu
Shenzhen Yuner Yipu wifi Extender Wdr201a

Tue, 05 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsanitized parameter concatenation in the set_add_routing function to inject shell commands that are executed via popen() with partial output reflected in the HTTP response.
Title WDR201A WiFi Extender OS Command Injection via internet.cgi
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Shenzhen Yuner Yipu Wifi Extender Wdr201a
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-11T23:11:48.064Z

Reserved: 2026-04-22T18:50:43.619Z

Link: CVE-2026-41923

cve-icon Vulnrichment

Updated: 2026-05-05T13:09:33.227Z

cve-icon NVD

Status : Deferred

Published: 2026-05-04T20:16:19.017

Modified: 2026-05-05T19:47:31.297

Link: CVE-2026-41923

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T09:22:40Z

Weaknesses