RCE in Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender

CVE-2026-41925

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the adm.cgi binary's reboot_time function that allows unauthenticated remote attackers to execute arbitrary shell commands by injectin…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (70.9th percentile) — read the EPSS interpretation.