Buffer overflow in Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender

CVE-2026-41927

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sen…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (17.5th percentile) — read the EPSS interpretation.

Affected products

Shenzhen Yipu Commercial And Trading Co., Ltd Wdr201a Wifi Extender — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

disclosure@vulncheck.com (technical-description, exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)