WDR201A WiFi Extender OS Command Injection via makeRequest.cgi

Description

A vulnerability, classified as critical, was found in Yipu WDR201A WiFi Extender up to 1.02. Affected by this vulnerability is the function set_time/StartSniffer of the file makeRequest.cgi of the component POST Request Handler. The manipulation results in OS command injection. This vulnerability is known as CVE-2026-41924. It is possible to launch the attack remotely.

Affected Products

Vendor	Product	Versions
wdr201a	wifi extender	0, 1.02

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-41924 | Yipu WDR201A WiFi Extender up to 1.02 POST Request makeRequest.cgi set_time/StartSniffer os command injection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-78

PublishedMay 4, 2026

Last enriched4h agov2

Trending Score71

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (4)

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, added affected version 1.02, and corrected vendor and product information.

descriptionaffectedVersionsseverityactivelyExploited

via VulDB

v16h ago

Initial creation