NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41922

Summary	WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allow unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can exploit unsanitized parameter handling in the set_wifi_basic and set_wifi_do_wps functions to achieve remote code execution without authentication.
Publication Date	May 5, 2026, 5:16 a.m.
Registration Date	May 6, 2026, 4:07 a.m.
Last Update	May 5, 2026, 5:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/ai-assisted-research/cybersecurity/cve/2026/05/04/Teaching_the_Machine_Where_to_Look.html	disclosure@vulncheck.com
2	https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China	disclosure@vulncheck.com
3	https://www.vulncheck.com/advisories/wdr201a-wifi-extender-os-command-injection-via-wireless-cgi	disclosure@vulncheck.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html