CVE-2025-43984

Name of the Vulnerable Software and Affected Versions: KuWFi GC111 versions GC111-GL-LM321 V3.0 20191211

Description: The KuWFi GC111 device is susceptible to unauthorized command execution. A crafted POST request to the /goform/goform set cmd process API endpoint, utilizing the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges.

Recommendations: For KuWFi GC111 version GC111-GL-LM321 V3.0 20191211, restrict access to the /goform/goform set cmd process API endpoint. For KuWFi GC111 version GC111-GL-LM321 V3.0 20191211, sanitize or validate the SSID parameter to prevent command injection.