Home
Description
A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality.
References
mstreet97.github.io/...CVEs-in-a-Consumer-WiFi-Extender.html
www.made-in-china.com/showroom/yeapook/
mstreet97.github.io/...CVEs-in-a-Consumer-WiFi-Extender.html