CRITICAL
Shenzhen Yipu Commercial and Trading Co., Ltd
CVE published 2026-05-04
CVE-2026-41922
A critical OS command injection vulnerability affects the WDR201A WiFi Extender (Hardware Version 2.1, Firmware LFMZX28040922V1.02). The vulnerability resides in the wireless.cgi binary, specifically within the set_wifi_basic and set_wifi_do_wps functions. Unauthenticated remote attackers can inject arbitrary shell commands through the sz11gChannel or PIN POST parameters due to unsanitized input handling, [truncated]