High severityNVD Advisory· Published May 4, 2026· Updated May 5, 2026
CVE-2026-41927
CVE-2026-41927
Description
WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer overflow vulnerability in the firewall.cgi and makeRequest.cgi binaries that allows unauthenticated attackers to overwrite the saved return address by sending a POST request with a Content-Length header exceeding 512 bytes. Attackers can exploit insufficient length validation in the fgets() call to achieve arbitrary code execution through return-oriented programming or return-to-libc techniques.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: HW V2.1, FW LFMZX28040922V1.02
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.