CVE-2026-30704
Unprotected UART Interface in WDR201A WiFi Extender Enables Hardware Access
Publication date: 2026-03-18
Last updated on: 2026-03-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-912 | The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability involves the WiFi Extender WDR201A (hardware version 2.1, firmware LFMZX28040922V1.02) exposing an unprotected UART interface. This interface is accessible through hardware pads on the device's printed circuit board (PCB), which means that an attacker with physical access to the device could potentially connect to this interface without any authentication or protection.
How can this vulnerability impact me? :
Because the UART interface is unprotected and accessible, an attacker with physical access to the device could exploit this to gain unauthorized access to the device's internal functions. This could lead to unauthorized control, modification of device settings, or extraction of sensitive information stored on the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know