CVE-2026-41923 in WDR201A WiFi Extenderinfo

Zusammenfassung

von MITRE • 04.05.2026

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsanitized parameter concatenation in the set_add_routing function to inject shell commands that are executed via popen() with partial output reflected in the HTTP response.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

22.04.2026

Veröffentlichung

04.05.2026

Moderieren

akzeptiert

Eintrag

VDB-361039

CPE

bereit

CWE

CWE-78 (bestätigt)

CVSS

9.8 (VulDB)

EPSS

0.00707

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Lawfirm, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41923
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41923
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41923/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!