{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30703", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T15:56:39.241Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-18T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T17:01:08.468Z"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China"}, {"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "references": [{"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:49:48.788193Z", "id": "CVE-2026-30703", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:56:39.241Z"}}]}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality."}], "id": "CVE-2026-30703", "lastModified": "2026-03-23T16:16:45.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-18T18:16:27.967", "references": [{"source": "cve@mitre.org", "url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}, {"source": "cve@mitre.org", "url": "https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "LFMZX28040922V1.02"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "wdr201a", "vendor": "shenzhen_yuner_yipu"}], "analysis": {"en": {"generated_at": "2026-03-23T17:54:05.211637+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update that resolves the command injection flaw for the WiFi Extender WDR201A.", "If a firmware patch is unavailable, disable or remove the sysCMD feature from the web management interface or restrict access to the management port to a trusted local network segment.", "Implement firewall rules to block external access to the extender\u2019s web interface and enforce strong authentication if the device supports it.", "Consider replacing the device with a model that has no known vulnerabilities if patching or disabling features is not feasible."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts the WiFi Extender WDR201A, hardware version\u202f2.1 running firmware LFMZX28040922V1.02. No other models or firmware versions are listed as affected.", "description_and_impact": "A command injection flaw exists in the adm.cgi endpoint of the WiFi Extender WDR201A\u2019s web management interface. The sysCMD functionality fails to sanitize user input for a command\u2011related parameter, allowing an attacker to execute arbitrary shell commands on the device. This weakness, identified as CWE\u201178, could be used to compromise the integrity, confidentiality, and availability of the extender and the network it serves.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests low current exploitation prevalence. The flaw is not cataloged in the CISA KEV list. The attack vector is inferred to be remote, via the device\u2019s exposed HTTP-based management interface, and would require only unauthenticated or low\u2011privilege access to the web UI."}}}}, "created": "2026-03-19T08:57:01.364619+00:00", "title": "Command Injection in WiFi Extender Web Interface Leading to Remote Code Execution", "updated": "2026-03-24T10:53:59.930469+00:00", "vendors": ["shenzhen_yuner_yipu", "shenzhen_yuner_yipu$PRODUCT$wdr201a"]}