PT-2025-33279 · Kuwfi · Kuwfi 4G Ac900 Lte Router
Published
2025-08-14
·
Updated
2025-08-16
·
CVE-2024-53946
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
KuWFi 4G LTE AC900 router version 1.0.13
Description:
The KuWFi 4G LTE AC900 router is susceptible to Cross-Site Request Forgery (CSRF) on its web management interface. An attacker can deceive an authenticated administrator into performing unintended actions, potentially exploiting a command injection vulnerability located at
/goform/formMultiApnSetting. Successful exploitation may also result in unauthorized configuration modifications.Recommendations:
Update to a newer version that contains a fix for this issue.
As a temporary workaround, consider disabling the web management interface until a patch is available.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kuwfi 4G Ac900 Lte Router