Mstreet97

**Name of the Vulnerable Software and Affected Versions** WiFi Extender WDR201A versions LFMZX28040922V1.02 **Description** The web interface of the WiFi Extender WDR201A contains hardcoded credential disclosure mechanisms. Specifically, server-side include vulnerabilities exist within multiple web pages, including `login.shtml` and `settings.shtml`. These vulnerabilities allow the exposure of the web administration password from non-volatile memory at runtime. The vulnerable pages embed server-side execution directives that dynamically retrieve and expose the password. **Recommendations** Apply a firmware update that addresses the hardcoded credential disclosure in the web interface. As a temporary workaround, restrict access to the `login.shtml` and `settings.shtml` pages.

**Name of the Vulnerable Software and Affected Versions** WiFi Extender WDR201A versions LFMZX28040922V1.02 (HW V2.1) **Description** The WiFi Extender WDR201A has a flawed authentication process in its web management interface. The login page does not correctly validate sessions, enabling attackers to circumvent authentication by directly accessing restricted web application endpoints through forced browsing. This allows unauthorized access to the device's management functions. **Recommendations** Update to a newer firmware version that addresses the authentication issue.

**Name of the Vulnerable Software and Affected Versions** WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) **Description** A command injection issue exists in the web management interface. The `adm.cgi` endpoint does not properly sanitize user-supplied input for a command-related parameter within the `sysCMD` functionality. This could allow for unauthorized command execution. **Recommendations** Apply updates to address the improper input sanitization in the `adm.cgi` endpoint and the `sysCMD` functionality.

**Name of the Vulnerable Software and Affected Versions** D-Link WiFi Extender WDR201A versions HW V2.1, FW LFMZX28040922V1.02 **Description** The WiFi Extender WDR201A, hardware version 2.1, firmware LFMZX28040922V1.02, has an unprotected UART interface accessible through hardware pads on the printed circuit board (PCB). This allows direct access to the device's internal communication channels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.