Description
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
Published: 2026-05-04
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can exploit a stack‑based buffer overflow in the firewall.cgi and makeRequest.cgi binaries of the WDR201A WiFi Extender. By sending a POST request whose Content‑Length header exceeds 512 bytes, the attacker bypasses length checks in a fgets() call and overwrites the saved return address, enabling arbitrary code execution via return‑oriented programming or return‑to‑libc techniques.

Affected Systems

Shenzhen Yipu Commercial and Trading Co., Ltd supplies the WDR201A WiFi Extender (hardware V2.1, firmware LFMZX28040922V1.02). These devices are affected by the vulnerability.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Because authentication is not required and the flaw resides in a web‑accessible CGI script, an attacker can trigger the overflow directly from the internet or an adjacent network, making exploitation relatively straightforward.

Generated by OpenCVE AI on May 4, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version that contains the stack‑overflow fix.
  • Restrict external network access to the firewall.cgi and makeRequest.cgi interfaces, or disable them if not needed.
  • Implement network segmentation so that the management interface of the WiFi extender is only reachable from trusted internal networks.

Generated by OpenCVE AI on May 4, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:00:00 +0000

Type Values Removed Values Added
Description WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
Title WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-04T19:20:59.885Z

Reserved: 2026-04-22T18:50:43.620Z

Link: CVE-2026-41927

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-04T20:16:19.587

Modified: 2026-05-04T20:16:19.587

Link: CVE-2026-41927

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T21:30:09Z

Weaknesses