exploitDog

GHSA-4mf8-x363-f56c

Опубликовано: 18 мар. 2026

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing

Ссылки

EPSS

Процентиль: 28%

0.00099

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-285

Связанные уязвимости

CVE-2026-30702

CVSS3: 9.8

nvd

26 дней назад

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing

EPSS

Процентиль: 28%

0.00099

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-285