WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)

Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. Attackers can send a crafted request with shell metacharacters in the reboot_time parameter when reboot_enabled=1 to achieve remote code execution.

Affected Products

Vendor	Product	Versions
wdr201a	wdr201a wifi extender	0, 1.02

References

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-41925 | Shenzhen Yipu WDR201A WiFi Extender up to 1.02 Request adm.cgi reboot_time os command injection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-78

PublishedMay 4, 2026

Last enriched4h agov2

Trending Score52

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History