CVE-2026-30703 identifies a critical command injection vulnerability in the WiFi Extender WDR201A, specifically hardware version 2.1 running firmware LFMZX28040922V1.02. The vulnerability resides in the adm.cgi web management interface endpoint, which exposes a sysCMD functionality that improperly sanitizes user-supplied input passed to command-related parameters. This improper input validation allows attackers to inject arbitrary shell commands that the system executes with the privileges of the web server process. Since the vulnerability is remotely exploitable over the network without requiring authentication or user interaction, it presents a severe risk. The CVSS v3.1 base score of 9.8 reflects the ease of exploitation (network vector, no privileges required, no user interaction) and the high impact on confidentiality, integrity, and availability of the device and potentially the broader network. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). No patches or mitigations have been officially released yet, and no known exploits have been observed in the wild as of the publication date. However, the critical nature of the flaw demands immediate attention from users and administrators of the affected device to prevent exploitation.

The exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the WiFi Extender WDR201A without authentication, potentially leading to full device compromise. Attackers could manipulate device configurations, intercept or redirect network traffic, deploy malware, or pivot to other devices within the network. This could result in loss of confidentiality through data interception, loss of integrity by altering device or network configurations, and loss of availability by disrupting device functionality or causing denial of service. Given the device’s role as a network extender, compromise could facilitate broader network infiltration, impacting organizational security posture. The critical severity and ease of exploitation make this a significant threat to organizations relying on this hardware for network connectivity and security.

Since no official patches are currently available, organizations should immediately restrict access to the web management interface of the WiFi Extender WDR201A by isolating the device management network segment and limiting management access to trusted IP addresses only. Disable remote management features if possible. Monitor network traffic for unusual command execution patterns or unexpected outbound connections originating from the device. Employ network segmentation to limit potential lateral movement if the device is compromised. Consider replacing the affected hardware with devices from vendors that provide timely security updates. Regularly check for firmware updates from the vendor and apply patches as soon as they become available. Additionally, implement intrusion detection systems capable of detecting command injection attempts targeting the adm.cgi endpoint.