CVE-2026-30702 | THREATINT

Description

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing

PUBLISHED Reserved 2026-03-04 | Published 2026-03-18 | Updated 2026-03-23 | Assigner mitre

References

mstreet97.github.io/...CVEs-in-a-Consumer-WiFi-Extender.html exploit

www.made-in-china.com/showroom/yeapook/

mstreet97.github.io/...CVEs-in-a-Consumer-WiFi-Extender.html

cve.org (CVE-2026-30702)

nvd.nist.gov (CVE-2026-30702)

Download JSON