Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboot_time POST parameter. Attackers can send a crafted request with shell metacharacters in the reboot_time parameter when reboot_enabled=1 to achieve remote code execution.

PUBLISHED Reserved 2026-04-22 | Published 2026-05-04 | Updated 2026-05-08 | Assigner VulnCheck




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Any version: affected

Credits

Matteo Strada (finder)

References

mstreet97.github.io/...aching_the_Machine_Where_to_Look.html (technical-description, exploit)

www.made-in-china.com/showroom/yeapook/ (product)

www.vulncheck.com/...mmand-injection-via-adm-cgi-reboot-time (third-party-advisory)

cve.org (CVE-2026-41925)

nvd.nist.gov (CVE-2026-41925)
