Vulnerability Description
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
Related Weaknesses (CWE)
References
- https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/ai-as
- https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.
- https://www.vulncheck.com/advisories/wdr201a-wifi-extender-stack-based-buffer-ov
FAQ
What is CVE-2026-41927?
CVE-2026-41927 is a documented vulnerability. WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to ov...
How severe is CVE-2026-41927?
CVSS scoring is not yet available for CVE-2026-41927. Check NVD for updates.
Is there a patch for CVE-2026-41927?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.