Cyber Posture

CVE-2026-30702

Critical

Published: 18 March 2026
Modified: 23 March 2026
KEV Added: not listed
Patch: none referenced
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.6th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-30702 is a critical-severity Improper Authorization (CWE-285) vulnerability in the web management interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02). NVD has not filed a CPE for this CVE, so the affected product is taken from the NVD description rather than from a product identifier. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 28.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for logical access on every request to the management interface, not only at the login page, so a direct request to a restricted endpoint without a valid session is refused rather than served.

AC-25 Reference Monitor (prevent)

Routes all requests through a single, always-invoked policy decision point that mediates access before any page handler runs, blocking unauthorized direct access to protected management interface endpoints.

AC-6 Least Privilege (prevent)

Limits each session to the management functions its role needs, reducing the scope and impact of any access gained through an authentication bypass.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability is an authentication bypass in the web management interface of a WiFi extender, exploitable remotely via forced browsing with no credentials or user interaction, which maps directly to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
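The defender-side counterpart to the T1190 mapping above is spotting forced-browsing probes in the device's or a fronting proxy's access log. The following is an added example, not code from the page's source or from the vendor: it scans constructed combined-format log lines and flags 2xx responses on restricted paths from clients that never completed a login. The path prefixes, the cookie-less log format, the `/login` endpoint, the 30-minute session window and the IP addresses are all assumptions; the WDR201A's real endpoints are not listed on this page.

```python
"""Added example (not from the advisory or the vendor): detect forced-browsing
probes against a management web interface using only standard access logs.
Log format, restricted path prefixes, login endpoint and session window are
assumptions; the sample lines below are constructed for the demo."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Combined log format without a cookie field: we cannot see the session
# cookie, so "unauthenticated" is inferred from the absence of a prior login.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
RESTRICTED = ("/admin/", "/cgi-bin/")   # assumed management prefixes
LOGIN_PATH = "/login"                   # assumed login endpoint
WINDOW = timedelta(minutes=30)          # assumed session lifetime

Record = Tuple[str, datetime, str, str, int]


def parse(line: str) -> Optional[Record]:
    """Return (ip, timestamp, method, path, status) or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m["ip"], datetime.strptime(m["ts"], TS_FMT),
            m["method"], m["path"], int(m["status"]))


def find_forced_browsing(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Flag (ip, iso_timestamp, path) for every 2xx on a restricted path from a
    client with no successful POST /login within WINDOW beforehand.

    Caveat: the device's login response codes are not documented on the page;
    here any 2xx/3xx on POST /login is taken as success. A failed login that
    also redirects would make a client look authenticated, so treat this as a
    triage signal rather than proof of compromise."""
    last_login: Dict[str, datetime] = {}
    hits: List[Tuple[str, str, str]] = []
    for rec in filter(None, map(parse, lines)):
        ip, ts, method, path, status = rec
        if path == LOGIN_PATH and method == "POST" and 200 <= status < 400:
            last_login[ip] = ts
            continue
        if path.startswith(RESTRICTED) and 200 <= status < 300:
            seen = last_login.get(ip)
            if seen is None or ts - seen > WINDOW:
                hits.append((ip, ts.isoformat(), path))
    return hits


# Constructed sample: one admin logs in first, one client forces its way to
# admin pages without logging in, one later reuses a stale session.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Mar/2026:10:00:01 +0000] "POST /login HTTP/1.1" 302 0
192.0.2.10 - - [18/Mar/2026:10:00:03 +0000] "GET /admin/config HTTP/1.1" 200 1844
198.51.100.7 - - [18/Mar/2026:10:05:12 +0000] "GET /admin/config HTTP/1.1" 200 1844
198.51.100.7 - - [18/Mar/2026:10:05:13 +0000] "GET /admin/reboot HTTP/1.1" 200 27
198.51.100.7 - - [18/Mar/2026:10:05:14 +0000] "GET /admin/nonexistent HTTP/1.1" 404 0
203.0.113.5 - - [18/Mar/2026:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [18/Mar/2026:11:00:00 +0000] "GET /admin/config HTTP/1.1" 200 1844
"""

if __name__ == "__main__":
    for ip, when, path in find_forced_browsing(SAMPLE_LOG.splitlines()):
        print(f"forced browsing suspected: {ip} {when} {path}")
```

Two of the flagged lines come from the client that never posted to `/login`; the third is the legitimate admin's request an hour after login, which the 30-minute window treats as session-less. Tune `WINDOW` to the device's real session lifetime, and if the proxy can log the session cookie, match on that instead of inferring from login history.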

NVD Description

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication mechanism in its web management interface. The login page does not properly enforce session validation, allowing attackers to bypass authentication by directly accessing restricted web application endpoints through forced browsing.

Deeper analysis

CVE-2026-30702 is a critical authentication bypass vulnerability (CVSS 3.1 score of 9.8) affecting the WiFi Extender WDR201A device, specifically hardware version 2.1 running firmware LFMZX28040922V1.02. The flaw stems from a broken authentication mechanism in the web management interface, where the login page fails to properly enforce session validation. This allows attackers to bypass authentication entirely by directly accessing restricted web application endpoints via forced browsing techniques, as classified under CWE-285 (Improper Authorization).

The vulnerability is exploitable remotely over the network (AV:N) with low complexity (AC:L), requiring no privileges (PR:N), no user interaction (UI:N), and no scope change (S:U), resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H). Any unauthenticated attacker who can reach the device's web interface—typically on the local network—can exploit it to gain unauthorized administrative access, potentially enabling full device compromise, configuration changes, or further network pivoting.

Advisories reference a security research disclosure detailing this and other CVEs in the device at https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html, along with the manufacturer's site at https://www.made-in-china.com/showroom/yeapook/. No specific patches or mitigations are detailed in the provided information.
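To make the failure mode concrete, here is an added example that is not the WDR201A firmware and not taken from the disclosure: a minimal model of a web UI whose only session check lives on the login page, beside a dispatcher that applies the AC-3 / AC-25 / AC-6 pattern recommended above. The endpoint paths, the `sid` cookie name, the session store and the viewer/admin roles are all assumptions for illustration.

```python
"""Added example (not the vendor's code): the CWE-285 pattern described in the
NVD text, modelled beside a reference-monitor style dispatcher.
Paths, cookie name, roles and session handling are hypothetical."""
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, str]                 # (HTTP status, body)
Request = Tuple[str, Dict[str, str]]       # (path, cookies)
Handler = Callable[[Request], Response]


class SessionStore:
    """Server-side sessions: random token -> role."""
    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def create(self, role: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = role
        return token

    def role_for(self, token: Optional[str]) -> Optional[str]:
        if not token:
            return None
        for stored, role in self._sessions.items():   # constant-time compare
            if hmac.compare_digest(stored, token):
                return role
        return None


def make_routes(sessions: SessionStore) -> Dict[str, Handler]:
    """Handlers the way a firmware web UI might define them: only the login
    page looks at the session; the admin pages simply render."""
    def login(req: Request) -> Response:
        if sessions.role_for(req[1].get("sid")) == "admin":
            return 302, "/admin/config"
        return 200, "<form>login</form>"
    return {
        "/login": login,
        "/status": lambda req: (200, "uptime=42"),
        "/admin/config": lambda req: (200, "ssid=home psk=secret"),
        "/admin/reboot": lambda req: (200, "rebooting"),
    }


def vulnerable_dispatch(routes: Dict[str, Handler], req: Request) -> Response:
    """CWE-285 pattern: route straight to the handler. A client that skips
    /login and requests /admin/config directly (forced browsing) is served."""
    handler = routes.get(req[0])
    return handler(req) if handler else (404, "not found")


# Policy for the hardened dispatcher: path -> minimum role (None = public).
POLICY: Dict[str, Optional[str]] = {
    "/login": None, "/status": "viewer",
    "/admin/config": "admin", "/admin/reboot": "admin",
}
RANK = {"viewer": 1, "admin": 2}


def hardened_dispatch(routes: Dict[str, Handler], sessions: SessionStore,
                      req: Request) -> Response:
    """Reference monitor (AC-25): one check mediates every request before any
    handler runs, enforcing the policy on each access (AC-3). Roles give
    least privilege (AC-6): a viewer reaches /status but not admin pages."""
    path, cookies = req
    if path not in POLICY:
        return 404, "not found"               # unlisted paths are never served
    needed = POLICY[path]
    if needed is not None:
        role = sessions.role_for(cookies.get("sid"))
        if role is None:
            return 302, "/login"              # no valid session: redirect only
        if RANK[role] < RANK[needed]:
            return 403, "forbidden"           # authenticated, insufficient role
    return routes[path](req)


def demo() -> Dict[str, Response]:
    """Exercise both dispatchers with the same forced-browsing requests."""
    sessions = SessionStore()
    routes = make_routes(sessions)
    viewer, admin = sessions.create("viewer"), sessions.create("admin")
    no_session: Request = ("/admin/config", {})
    return {
        "vuln_no_session": vulnerable_dispatch(routes, no_session),
        "hard_no_session": hardened_dispatch(routes, sessions, no_session),
        "hard_bogus_sid": hardened_dispatch(routes, sessions, ("/admin/config", {"sid": "A" * 43})),
        "hard_viewer_reboot": hardened_dispatch(routes, sessions, ("/admin/reboot", {"sid": viewer})),
        "hard_viewer_status": hardened_dispatch(routes, sessions, ("/status", {"sid": viewer})),
        "hard_admin_config": hardened_dispatch(routes, sessions, ("/admin/config", {"sid": admin})),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} -> {result}")
```

The point of the hardened version is structural rather than a stronger login page: the policy table is the only place that decides who may reach what, it is consulted for every path, and handlers never run for a caller the monitor has not cleared. Deny responses carry no page content, so a forced-browsing probe learns nothing about the restricted endpoint beyond the redirect.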

Details

CWE(s)

CWE-285 Improper Authorization

Affected Products

WiFi Extender WDR201A, HW V2.1, FW LFMZX28040922V1.02 (taken from the NVD description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-22022 (shared CWE-285)
CVE-2024-56323 (shared CWE-285)
CVE-2025-49701 (shared CWE-285)
CVE-2026-33186 (shared CWE-285)
CVE-2023-53895 (shared CWE-285)
CVE-2026-40246 (shared CWE-285)
CVE-2026-34784 (shared CWE-285)
CVE-2026-32252 (shared CWE-285)
CVE-2026-28431 (shared CWE-285)
CVE-2026-34320 (shared CWE-285)

References

Security research disclosure: https://mstreet97.github.io/security-research/iot/vulnerability-disclosure/cybersecurity/cve/2026/02/18/From-Blackbox-to-Whitebox-Multiple-CVEs-in-a-Consumer-WiFi-Extender.html
Manufacturer's site: https://www.made-in-china.com/showroom/yeapook/