CVE-2026-41927
WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
| CWE | CWE-121 |
| Vendor | shenzhen yipu commercial and trading co., ltd |
| Product | wdr201a wifi extender |
| Published | May 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for shenzhen yipu commercial and trading co., ltd wdr201a wifi extender
Be the first to know when new unknown vulnerabilities affecting shenzhen yipu commercial and trading co., ltd wdr201a wifi extender are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Shenzhen Yipu Commercial and Trading Co., Ltd / WDR201A WiFi Extender
0 โค 1.02
References
mstreet97.github.io: https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/ai-assisted-research/cybersecurity/cve/2026/05/04/Teaching_the_Machine_Where_to_Look.html made-in-china.com: https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China vulncheck.com: https://www.vulncheck.com/advisories/wdr201a-wifi-extender-stack-based-buffer-overflow-via-firewall-cgi
Credits
Daniele Berardinelli Matteo Strada