CVE-2026-30704 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 19, 2026
WiFi Extender WDR201A - Insecure Hardware Interface
Published: March 18, 2026Updated: March 19, 2026Remote Exploitable
Overview
WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains an insecure UART interface caused by unprotected hardware pads on the PCB, letting attackers access the device hardware interface, exploit requires physical access to the device.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers with physical access can interact with the device hardware, potentially leading to device compromise or data extraction.
Mitigation
Restrict physical access or update firmware to secure UART interface if available.
References
- https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html
- https://www.made-in-china.com/showroom/yeapook/#:~:text=Established%20in%202015.%2CDistrict%2C%20Shenzhen%2C%20Guangdong%2C%20China
Related Resources
Details
- CVE ID
- CVE-2026-30704
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- undefined
- Status
- unconfirmed
CWE
- CWE-912
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H