VYPR

4G LTE AC900

by KuWFi

CVEs (3)

  • CVE-2024-53946HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.01

    The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection…

  • CVE-2024-53945HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.19

    The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as…

  • CVE-2025-68706Dec 29, 2025
    risk 0.00cvss epss 0.04

    A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks.…