RCE in Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender

CVE-2026-41924

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious inp…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (53.5th percentile) — read the EPSS interpretation.