CVE-2026-30701

Name of the Vulnerable Software and Affected Versions WiFi Extender WDR201A versions LFMZX28040922V1.02

Description The web interface of the WiFi Extender WDR201A contains hardcoded credential disclosure mechanisms. Specifically, server-side include vulnerabilities exist within multiple web pages, including login.shtml and settings.shtml. These vulnerabilities allow the exposure of the web administration password from non-volatile memory at runtime. The vulnerable pages embed server-side execution directives that dynamically retrieve and expose the password.

Recommendations Apply a firmware update that addresses the hardcoded credential disclosure in the web interface. As a temporary workaround, restrict access to the login.shtml and settings.shtml pages.