CVE-2026-41927

N/A Unknown
Published: May 04, 2026 Modified: May 05, 2026
View on NVD

Description

WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
31th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)