VYPR
Vendor

KuWFi

Products
4
CVEs
7
Across products
7
Status
Private

Products

4

Recent CVEs

7
  • CVE-2025-43984CriAug 14, 2025
    risk 0.64cvss 9.8epss 0.18

    An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote…

  • CVE-2025-43986CriAug 13, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

  • CVE-2025-43983CriAug 14, 2025
    risk 0.59cvss 9.1epss 0.00

    KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin…

  • CVE-2024-53946HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.01

    The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection…

  • CVE-2024-53945HigAug 14, 2025
    risk 0.57cvss 8.8epss 0.19

    The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as…

  • CVE-2025-43988HigAug 13, 2025
    risk 0.49cvss 7.5epss 0.00

    KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.

  • CVE-2025-68706Dec 29, 2025
    risk 0.00cvss epss 0.04

    A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks.…