23 matches found
CVE-2026-41924
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41927
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41927 WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41927
The CVE-2026-41927 entry concerns the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) with a stack-based buffer overflow in the firewall.cgi and makeRequest.cgi binaries. The vulnerability arises from insufficient length validation in a POST request’s Content-Length (>512 bytes) and an ...
CVE-2026-41927
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
EUVD-2026-27127
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41924
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
EUVD-2026-27121
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41924 WDR201A WiFi Extender OS Command Injection via makeRequest.cgi
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41924
CVE-2026-41924 affects WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the makeRequest.cgi binary, allowing unauthenticated remote attackers to execute arbitrary shell commands by injecting crafted input into the set_time or StartSniffer fun...
PT-2026-36912
Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1 FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'makeRequest.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the s...
PT-2026-36918
Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description A stack-based buffer overflow exists in the 'firewall.cgi' and 'makeRequest.cgi' binaries. Unauthenticated attackers can overwrite the saved return address by sending a POST...
Yeapook WDR201A WiFi Extender 操作系统命令注入漏洞
The Yeapook WDR201A WiFi Extender is a wireless signal extension device produced by the Yeapook company. The Yeapook WDR201A WiFi Extender in the HW V2.1 version and FW LFMZX28040922V1.02 version contain an operating system command injection vulnerability. This vulnerability stems from the settim...
CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers Firmware FWv2.0.152112301012. The arplookup function parses lines from /proc/net/arp using sscanf"%16s ... %18s ...", storing results into buffers v6 12 bytes and v7 20 bytes. Since the form...
CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers Firmware FWv2.0.152112301012. The arplookup function parses lines from /proc/net/arp using sscanf"%16s ... %18s ...", storing results into buffers v6 12 bytes and v7 20 bytes. Since the form...
CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers Firmware FWv2.0.152112301012. The arplookup function parses lines from /proc/net/arp using sscanf"%16s ... %18s ...", storing results into buffers v6 12 bytes and v7 20 bytes. Since the form...
CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers Firmware FWv2.0.152112301012. The arplookup function parses lines from /proc/net/arp using sscanf"%16s ... %18s ...", storing results into buffers v6 12 bytes and v7 20 bytes. Since the form...
Linksys RE7000 安全漏洞
Linksys RE7000 is a wireless signal extender from Linksys, Inc. A security vulnerability exists in the Linksys RE7000 FWv2.0.152112301012 version, which originates from a stack buffer overflow in the makeRequest.cgi binary file, which could lead to a denial of service or execution of arbitrary co...
CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers Firmware FWv2.0.152112301012. The arplookup function parses lines from /proc/net/arp using sscanf"%16s ... %18s ...", storing results into buffers v6 12 bytes and v7 20 bytes. Since the form...
CVE-2025-60696
Linksys RE7000 devices with firmware FW_v2.0.15_211230_1012 are affected by CVE-2025-60696: a stack-based buffer overflow in the makeRequest.cgi binary’s arplookup path. The vulnerability arises from parsing /proc/net/arp with sscanf("%16s ... %18s ..."), writing into small buffers (v6 12 bytes, ...