{"vulnerability": "cve-2026-4192", "sightings": [{"uuid": "e15c499b-613c-4fda-bd89-b4de3501ee8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41922", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2j6vdkut2p", "content": "CVE-2026-41922 - WDR201A WiFi Extender OS Command Injection via wireless.cgi\nCVE ID : CVE-2026-41922\n \n Published : May 4, 2026, 7:04 p.m. | 1\u00a0hour, 16\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerab...", "creation_timestamp": "2026-05-04T20:29:31.696911Z"}, {"uuid": "75f207ad-3b36-4208-a5d2-5b310571b820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41923", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2jdrriv32c", "content": "CVE-2026-41923 - WDR201A WiFi Extender OS Command Injection via internet.cgi\nCVE ID : CVE-2026-41923\n \n Published : May 4, 2026, 7:10 p.m. | 1\u00a0hour, 9\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerabi...", "creation_timestamp": "2026-05-04T20:32:15.970360Z"}, {"uuid": "63815c0c-71ca-429c-b1a0-a5ca63e205b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41925", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2jvukepv2v", "content": "CVE-2026-41925 - WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time)\nCVE ID : CVE-2026-41925\n \n Published : May 4, 2026, 7:15 p.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection ...", "creation_timestamp": "2026-05-04T20:42:22.817142Z"}, {"uuid": "5a0243dc-6c01-480e-aba0-2a907c654e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41924", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2k5k7ruc2p", "content": "CVE-2026-41924 - WDR201A WiFi Extender OS Command Injection via makeRequest.cgi\nCVE ID : CVE-2026-41924\n \n Published : May 4, 2026, 7:12 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulner...", "creation_timestamp": "2026-05-04T20:46:40.509619Z"}, {"uuid": "2d78f06b-56ef-4a49-a172-f38a504de24e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41926", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2kyfnef32k", "content": "CVE-2026-41926 - WDR201A WiFi Extender OS Command Injection via firewall.cgi\nCVE ID : CVE-2026-41926\n \n Published : May 4, 2026, 7:17 p.m. | 1\u00a0hour, 2\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerabi...", "creation_timestamp": "2026-05-04T21:01:41.808892Z"}, {"uuid": "ec488d93-9288-411b-9f1f-642c4bd62c7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41927", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml2qh4cjwc2v", "content": "CVE-2026-41927 - WDR201A WiFi Extender Stack-Based Buffer Overflow via firewall.cgi\nCVE ID : CVE-2026-41927\n \n Published : May 4, 2026, 8:16 p.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains a stack-based buffer over...", "creation_timestamp": "2026-05-04T22:39:23.716239Z"}, {"uuid": "3f5b3781-e53c-49dc-a4d2-f88b3ee9da90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41926", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116519379011969410", "content": "\ud83d\udea8 CVE-2026-41926 (CRITICAL, CVSS 9.3): OS command injection in Shenzhen Yipu WDR201A WiFi Extender allows unauthenticated remote code execution via firewall.cgi. Persistent payloads survive reboots. Restrict access, monitor for fixes. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq #IoTSecurity #CVE", "creation_timestamp": "2026-05-05T01:30:27.966902Z"}, {"uuid": "a0daaccc-d987-4ce9-bd21-f6a183e838df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41926", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml2zyzafpz23", "content": "Major alert: CRITICAL OS command injection (CVE-2026-41926) in Shenzhen Yipu WDR201A WiFi Extender. Remote attackers can run persistent commands. Restrict firewall.cgi access & monitor for patches. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq...", "creation_timestamp": "2026-05-05T01:30:28.757652Z"}, {"uuid": "96dd1ed7-634f-4300-b004-131a289f13cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41924", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116521502604855300", "content": "\ud83d\udea8 CVE-2026-41924 (CRITICAL): OS command injection in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) enables unauthenticated remote shell command execution. No patch yet \u2014 immediate isolation & monitoring advised. https://radar.offseq.com/threat/cve-2026-41924-improper-neutralization-of-special--62b0b2d6 #OffSeq #Vuln #IoTSecurity", "creation_timestamp": "2026-05-05T10:30:30.381928Z"}, {"uuid": "18bb34f9-a65e-4d9e-9317-0514dc779240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41924", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3ml3y6pkxqf2v", "content": "CRITICAL: OS command injection in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) lets attackers run shell commands remotely. No patch yet \u2014 isolate & monitor now. https://radar.offseq.com/threat/cve-2026-41924-improper-neutralization-of-special--62b0b2d6 #OffSeq #Vulnerability #IoTSecurity", "creation_timestamp": "2026-05-05T10:30:32.221147Z"}, {"uuid": "7b666405-51cc-42eb-86b2-f31f113397c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41929", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlcjubv62j2n", "content": "CVE-2026-41929 - Vvveb\nCVE ID : CVE-2026-41929\n \n Published : May 7, 2026, 10:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attac...", "creation_timestamp": "2026-05-08T01:02:47.440682Z"}, {"uuid": "f9b1b857-7ed1-4086-8456-26a192a20b6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41928", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlcjygcf5y2k", "content": "CVE-2026-41928 - Vvveb\nCVE ID : CVE-2026-41928\n \n Published : May 7, 2026, 10:16 p.m. | 2\u00a0hours, 9\u00a0minutes ago\n \n Description : Vvveb before 1.0.8.2 contains an information disclosure vulnerability in the cron controller that allows unauthenticated attackers to retrieve the ap...", "creation_timestamp": "2026-05-08T01:05:06.555922Z"}]}