Home

Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.

PUBLISHED Reserved 2026-04-22 | Published 2026-05-04 | Updated 2026-05-08 | Assigner VulnCheck




HIGH: 8.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

Stack-based Buffer Overflow

Product status

Default status
unaffected

Any version
affected

Credits

Daniele Berardinelli finder

Matteo Strada finder

References

mstreet97.github.io/...aching_the_Machine_Where_to_Look.html technical-description exploit

www.made-in-china.com/showroom/yeapook/ product

www.vulncheck.com/...-based-buffer-overflow-via-firewall-cgi third-party-advisory

cve.org (CVE-2026-41927)

nvd.nist.gov (CVE-2026-41927)

Download JSON