CVE-2026-41923: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Shenzhen Yipu Commercial and Trading Co., Ltd WDR201A WiFi Extender
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsanitized parameter concatenation in the set_add_routing function to inject shell commands that are executed via popen() with partial output reflected in the HTTP response.
AI Analysis
Technical Summary
CVE-2026-41923 is an OS command injection vulnerability affecting the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) from Shenzhen Yipu Commercial and Trading Co., Ltd. The vulnerability exists in the internet.cgi binary, specifically in the set_add_routing function, which improperly sanitizes the gateway POST parameter. This allows unauthenticated remote attackers to inject shell commands executed via popen(), with partial command output returned in HTTP responses. The vulnerability has a CVSS 4.0 score of 9.3, reflecting its critical impact and ease of exploitation without authentication or user interaction. No patch or official remediation is currently documented.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary shell commands on the affected device, potentially leading to full compromise of the device. This could enable attackers to manipulate device configuration, intercept or redirect network traffic, or use the device as a foothold for further attacks. The reflected partial command output in HTTP responses may aid attackers in crafting further exploits or confirming successful command execution.
Mitigation Recommendations
No official patch or remediation guidance is currently available from the vendor. Since this is a device firmware vulnerability and the product is not a cloud service, remediation depends on the vendor releasing a firmware update that addresses the issue. Until a fix is available, affected devices should be isolated from untrusted networks to prevent exploitation. Monitor vendor communications for updates and apply firmware updates promptly once released.
CVE-2026-41923: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Shenzhen Yipu Commercial and Trading Co., Ltd WDR201A WiFi Extender
Description
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit unsanitized parameter concatenation in the set_add_routing function to inject shell commands that are executed via popen() with partial output reflected in the HTTP response.
CVSS v4.0
Score 9.3critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41923 is an OS command injection vulnerability affecting the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) from Shenzhen Yipu Commercial and Trading Co., Ltd. The vulnerability exists in the internet.cgi binary, specifically in the set_add_routing function, which improperly sanitizes the gateway POST parameter. This allows unauthenticated remote attackers to inject shell commands executed via popen(), with partial command output returned in HTTP responses. The vulnerability has a CVSS 4.0 score of 9.3, reflecting its critical impact and ease of exploitation without authentication or user interaction. No patch or official remediation is currently documented.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary shell commands on the affected device, potentially leading to full compromise of the device. This could enable attackers to manipulate device configuration, intercept or redirect network traffic, or use the device as a foothold for further attacks. The reflected partial command output in HTTP responses may aid attackers in crafting further exploits or confirming successful command execution.
Mitigation Recommendations
No official patch or remediation guidance is currently available from the vendor. Since this is a device firmware vulnerability and the product is not a cloud service, remediation depends on the vendor releasing a firmware update that addresses the issue. Until a fix is available, affected devices should be isolated from untrusted networks to prevent exploitation. Monitor vendor communications for updates and apply firmware updates promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-22T18:50:43.619Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f8f1b7cbff5d861042a393
Added to database: 5/4/2026, 7:21:27 PM
Last enriched: 5/12/2026, 4:05:07 AM
Last updated: 6/19/2026, 4:28:05 AM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.