CVE-2026-41927

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...

CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

EUVD-2026-27125

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

Yeapook WDR201A WiFi Extender 安全漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device produced by the Yeapook company. The Yeapook WDR201A WiFi Extender in the HW V2.1 version and FW LFMZX28040922V1.02 version contain security vulnerabilities. These vulnerabilities stem from stack-based buffer overflows in the...

PT-2026-36914

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the firewall.cgi binary across five request handlers due to insufficient input validation. Attackers can inject arbitrary shell commands...

EUVD-2026-16937

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

PT-2026-28722

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN579X3-C version 231124 Description A stack-based buffer overflow exists in the UPNP Handler component of the Wavlink WL-WN579X3-C. The issue is located in the sub 4019FC function of the /cgi-bin/firewall.cgi file. Manipulation of...

EUVD-2026-14295

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

EUVD-2026-10221

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument delflag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publ...

CVE-2026-3715

A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument delflag results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made publ...

Wavlink WL-WN579X3-C 安全漏洞

Wavlink WL-WN579X3-C is a wireless network extender produced by Wavlink Corporation. The Wavlink WL-WN579X3-C 231124 version contains a security vulnerability. This vulnerability arises from incorrect handling of the parameter “delflag” in the file /cgi-bin/firewall.cgi, which may lead to a stack...

PT-2026-20333

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 versions up to 20251208 Description A flaw exists in Wavlink WL-NU516U1 that could allow for remote command injection. The issue is located in the singlePortForwardDelete function within the /cgi-bin/firewall.cgi file...

PT-2026-6979

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists in the DMZ Host Feature of the D-Link DIR-615. Specifically, the issue resides within the adv firewall.php file. Manipulation of the dmz ipaddr argument can lead to operating system command...

EUVD-2025-31150

Malicious code in bioql PyPI...

CVE-2025-10959

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. The affected element is the function sub401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmzflag leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public...

CVE-2025-10964

A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command injection. The attack can be initiated remotely. The exploit has been made...

CVE-2025-10963

A security flaw has been discovered in Wavlink NU516U1 M16U1V240425. Affected is the function sub4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument delflag results in command injection. It is possible to launch the attack remotely. The exploit has been released to the publ...