RCE in Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender

CVE-2026-41926

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell co…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.006 (70.3th percentile) — read the EPSS interpretation.