RCE in Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender

CVE-2026-41922

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.014 (80.5th percentile) — read the EPSS interpretation.