{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30701", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T15:56:53.466Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T16:59:58.463Z"}, "descriptions": [{"lang": "en", "value": "The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side Include) within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives that dynamically retrieve and expose the web administration password from non-volatile memory at runtime."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China"}, {"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-798", "lang": "en", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "references": [{"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:21:50.763197Z", "id": "CVE-2026-30701", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:56:53.466Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) contains hardcoded credential disclosure mechanisms (in the form of Server Side Include) within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives that dynamically retrieve and expose the web administration password from non-volatile memory at runtime."}], "id": "CVE-2026-30701", "lastModified": "2026-03-23T16:16:45.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-18T18:16:27.737", "references": [{"source": "cve@mitre.org", "url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}, {"source": "cve@mitre.org", "url": "https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "LFMZX28040922V1.02"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "wifi_extender_wdr201a", "vendor": "shenzhen_yuner_yipu"}], "analysis": {"en": {"generated_at": "2026-03-23T17:28:53.538353+00:00", "value": {"mitigation_remediation": ["Obtain and install the latest firmware release from Yeapook that removes hard\u2011coded credential disclosure"], "summary": {"action": "Apply Firmware Update", "impact": "Credential Disclosure"}, "threat_synthesis": {"affected_systems": "Devices affected by this vulnerability are the WiFi Extender WDR201A, hardware version 2.1 running firmware LFMZX28040922V1.02 from the manufacturer Yeapook. No other vendor or product versions are currently listed as impacted.", "description_and_impact": "Server\u2011side include directives embedded in multiple web pages such as login.shtml and settings.shtml reveal the administrator password stored in non\u2011volatile memory when the pages are rendered. This flaw allows an attacker who can reach the device\u2019s web interface to obtain the password and gain full control over the extender, bypassing authentication. The weakness stems from hard\u2011coded credential disclosure (CWE\u2011798) and results in a direct compromise of confidentiality, integrity, and availability of the network portion managed by the device.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a high severity rating, while the EPSS score below 1% suggests limited current exploitation. Nevertheless, the flaw is publicly documented and could be exploited remotely by anyone with network access to the extender\u2019s web management interface. The vulnerability is not yet listed in the CISA KEV catalog, but operators should treat it as a high\u2011risk exposure and act promptly. The likely attack vector is a web\u2011based request to any of the affected pages; an attacker need only deliver a simple HTTP request to the device\u2019s IP address to trigger the credential disclosure."}}}}, "created": "2026-03-19T08:57:03.219485+00:00", "updated": "2026-03-24T10:54:01.794415+00:00", "vendors": ["shenzhen_yuner_yipu", "shenzhen_yuner_yipu$PRODUCT$wifi_extender_wdr201a"]}