46 matches found
CVE-2026-41925
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboottime function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboottime POST parameter. Attacke...
CVE-2026-41922
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...
CVE-2026-41924
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41927
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41926
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...
CVE-2026-41927
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41927
The CVE-2026-41927 entry concerns the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) with a stack-based buffer overflow in the firewall.cgi and makeRequest.cgi binaries. The vulnerability arises from insufficient length validation in a POST request’s Content-Length (>512 bytes) and an ...
CVE-2026-41927
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41927 WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 5...
CVE-2026-41926
CVE-2026-41926 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The firewall.cgi binary exposes an OS command injection across five request handlers due to insufficient input validation. Attacks can inject arbitrary shell commands through parameters including websURLFilter, web...
CVE-2026-41926
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...
CVE-2026-41925 WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboottime function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboottime POST parameter. Attacke...
CVE-2026-41925 WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboottime function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboottime POST parameter. Attacke...
CVE-2026-41925
CVE-2026-41925 affects WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi reboot_time function is vulnerable to OS command injection: unauthenticated remote attackers can inject shell commands via the reboot_time POST parameter when reboot_enabled=1, enabling remote code executio...
CVE-2026-41924
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
EUVD-2026-27121
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41924 WDR201A WiFi Extender OS Command Injection via makeRequest.cgi
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
CVE-2026-41923
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...
CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...
CVE-2026-41922
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...