Zero Day Monitor (ZDM)

CVE-2026-41922 · EXPLOITED
shenzhen yipu commercial and trading co. · wdr201a wifi extender

WDR201A WiFi Extender OS Command Injection via wireless.cgi

Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can exploit unsanitized parameter handling in the set_wifi_basic and set_wifi_do_wps functions to achieve remote code execution without authentication.

Affected Products

Vendor: shenzhen yipu commercial and trading co.
Product: wdr201a wifi extender
Versions: 0

References

  • https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/ai-assisted-research/cybersecurity/cve/2026/05/04/Teaching_the_Machine_Where_to_Look.html (technical-description, exploit)
  • https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China (product)
  • https://www.vulncheck.com/advisories/wdr201a-wifi-extender-os-command-injection-via-wireless-cgi (third-party-advisory)

Related News (1 article)

Tier C · VulDB · 4h ago
CVE-2026-41922 | Shenzhen Yipu WDR201A WiFi Extender up to 1.02 wireless.cgi set_wifi_basic sz11gChannel/PIN os command injection
→ No new info (linked only)

CISA KEV: ❌ No
Actively exploited: ✅ Yes
CWE: CWE-78
Published: May 4, 2026
Last enriched: 3h ago (v2)
Tags: CVE-2026-41922
Trending Score: 72
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CVE-2026-41924 (CRITICAL, EXP): WDR201A WiFi Extender OS Command Injection via makeRequest.cgi. Trending: 72
  • CVE-2026-41925 (CRITICAL): WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time). Trending: 53
  • CVE-2026-41927 (CRITICAL, EXP): WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi. Trending: 49
  • CVE-2026-41926 (CRITICAL, EXP): WDR201A WiFi Extender OS Command Injection via firewall.cgi. Trending: 49
  • CVE-2026-41923 (CRITICAL): WDR201A WiFi Extender OS Command Injection via internet.cgi. Trending: 30

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

May 4, 2026 · CVE Published
May 4, 2026 · Discovered by ZDM
May 4, 2026 · Actively Exploited
May 4, 2026 · Updated: severity, activelyExploited, tags

Version History

Current: v2, last enriched 3h ago

v2 · Tier C · 3h ago
Updated severity to CRITICAL, marked as actively exploited, and added CVE-2026-41922 tag.
severity, activelyExploited, tags · via VulDB

v1 · 5h ago
Initial creation