A vulnerability, classified as critical, was found in Yipu WDR201A WiFi Extender up to 1.02. Affected by this vulnerability is the function set_time/StartSniffer of the file makeRequest.cgi of the component POST Request Handler. The manipulation results in OS command injection. This vulnerability is known as CVE-2026-41924. It is possible to launch the attack remotely.
| Vendor | Product | Versions |
|---|---|---|
| shenzhen yipu commercial and trading co. | wdr201a wifi extender | 0, 1.02 |
Updated severity to CRITICAL, added affected version 1.02, and corrected vendor and product information.
Initial creation
