WDR201A WiFi Extender OS Command Injection via firewall.cgi_CVE-2026-41926

{
    "lastseen": "",
    "description": "WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter, websHostFilter, portForward, singlePortForward, and ipportFilter using subshell syntax or unfiltered parameters, with payloads persisting in NVRAM and re-executing on every subsequent firewall.cgi request.",
    "published": "2026-05-04T19:17:52.100Z",
    "modified": "2026-05-04T19:17:52.100Z",
    "type": "cve",
    "title": "WDR201A WiFi Extender OS Command Injection via firewall.cgi",
    "source": "VulnCheck",
    "references": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/ai-assisted-research/cybersecurity/cve/2026/05/04/Teaching_the_Machine_Where_to_Look.html\nhttps://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China",
    "id": "CVE-2026-41926",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Yipu Commercial and Trading Co., Ltd WDR201A WiFi Extender 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WDR201A WiFi Extender",
    "version": "0",
    "vendor": "Shenzhen Yipu Commercial and Trading Co., Ltd",
    "ai_description": "OS command injection vulnerability in the firewall.cgi binary",
    "ai_severity": "Critical",
    "ai_vendor": "Shenzhen Yipu Commercial and Trading Co., Ltd",
    "ai_product": "WDR201A WiFi Extender",
    "ai_version": "HW V2.1, FW LFMZX28040922V1.02",
    "ai_score": 9.3
}