Shenzhen Yuner WDR201A WiFi Extender Hardcoded Credential Disclosure Vulnerability

Vulnerability

A vulnerability exists in the web interface of the Shenzhen Yuner WDR201A WiFi extender, specifically in hardware version 2.1 and firmware version LFMZX28040922V1.02. The issue arises from hardcoded credential disclosure mechanisms that use Server Side Includes (SSI) to expose the web administration password. The flaw is present in multiple server-side web pages, including login.shtml and settings.shtml, where the password is dynamically retrieved from non-volatile memory and written into the page at runtime.
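
An audit check for the pattern described above, as an added example that is not code from the device firmware or from the advisory: it scans web templates for SSI directives that expand secret-looking values into the served page. The directive syntax, the variable names (admin_password, webpass) and the sample templates are assumptions constructed for illustration.

```python
import re

# Two common SSI forms: <!--#echo var="NAME" --> and the bare tag form
# <!--#NAME--> used by small embedded HTTP servers. Which form the WDR201A
# firmware uses is not stated in the advisory, so both are handled.
SSI_RE = re.compile(
    r'<!--#\s*(?:(?P<cmd>echo|include|exec)\s+\w+\s*=\s*"(?P<val>[^"]*)"'
    r'|(?P<tag>\w+))\s*-->',
    re.IGNORECASE,
)
# Heuristic for names that suggest credential material.
SECRET_HINT = re.compile(r"pass|pwd|psk|secret", re.IGNORECASE)


def audit_templates(templates, preauth_pages=()):
    """Return (file, line, identifier, severity) for risky SSI directives.

    templates: dict of file name -> template source text.
    preauth_pages: names of pages served without a login (auditor-supplied).
    """
    findings = []
    for name, text in sorted(templates.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in SSI_RE.finditer(line):
                ident = m.group("val") if m.group("cmd") else m.group("tag")
                if not SECRET_HINT.search(ident):
                    continue
                # A secret expanded on a pre-login page needs no session at all.
                severity = "critical" if name in preauth_pages else "high"
                findings.append((name, lineno, ident, severity))
    return findings


# Constructed sample templates (hypothetical, not taken from the firmware).
SAMPLE = {
    "login.shtml": '<script>\n'
                   'var devName = "<!--#echo var="dev_name" -->";\n'
                   'var adminPwd = "<!--#echo var="admin_password" -->";\n'
                   '</script>\n',
    "settings.shtml": '<input type="password" value="<!--#webpass-->">\n'
                      '<p>Uptime: <!--#uptime--></p>\n',
}

if __name__ == "__main__":
    for f in audit_templates(SAMPLE, preauth_pages={"login.shtml"}):
        print("%s:%d SSI value %r reaches the client (%s)" % f)
```

Any finding means the stored value is written into the HTML sent to the browser. The fix is to compare the submitted password on the device and never expand it into a template.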

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of administrative credentials, allowing an attacker to gain full administrative access to the device's web management interface.

Added: Mar 18, 2026, 7:14 PM
Updated: Mar 18, 2026, 7:14 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 4.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.