Critical severity9.8NVD Advisory· Published Aug 14, 2025· Updated Apr 15, 2026

CVE-2025-43984

Description

An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.proton.me/urls/1NRPNBE678nvd
github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43984.txtnvd
github.com/actuator/cve/tree/main/kuwfinvd
www.kuwfi.com/products/300mbps-industrial-router-cat4-4g-cpe-router-extender-strong-wifi-signal-suport-32wifi-users-with-sim-card-slot-95nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000