PT-2025-53779 · Kuwfi+1 · Kuwfi 4G Lte Ac900+1

Actuator · Published 2025-12-29 · Updated 2025-12-30 · CVE-2025-68706

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13

Description: A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf() to copy the pincode parameter, supplied by the user, into a fixed 132-byte stack buffer without proper bounds checking. This can lead to corruption of adjacent stack memory, potentially causing the web server to crash and, under specific circumstances, enabling arbitrary code execution. The vulnerable parameter is pincode.

Recommendations: Update to a newer version that contains a fix for this vulnerability.
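
The unbounded copy described above, next to a bounded and validated replacement, as an added example that is not the firmware's or GoAhead's own code. Only the 132-byte buffer, sprintf() and the pincode parameter come from the advisory; the function names, the "pin=%s" format string and the 4 to 8 digit PIN rule are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define APN_BUF_LEN 132  /* stack buffer size stated in the advisory */
#define PIN_MIN 4        /* assumed rule: a SIM PIN is 4 to 8 decimal digits */
#define PIN_MAX 8

/* Vulnerable shape, shown for contrast and never called here.
 * The format string is an assumption. */
void set_pin_unsafe(const char *pincode)
{
    char cmd[APN_BUF_LEN];
    sprintf(cmd, "pin=%s", pincode);  /* no limit: long input overruns cmd */
    (void)cmd;
}

/* Hardened form: validate the field first, then format with a bound.
 * Returns 0 on success, -1 for an invalid PIN, -2 if out is too small. */
int format_pin_cmd(char *out, size_t out_len, const char *pincode)
{
    size_t n;
    int written;

    if (out == NULL || out_len == 0 || pincode == NULL)
        return -1;
    n = strspn(pincode, "0123456789");       /* length of leading digit run */
    if (pincode[n] != '\0' || n < PIN_MIN || n > PIN_MAX)
        return -1;
    written = snprintf(out, out_len, "pin=%s", pincode);
    if (written < 0 || (size_t)written >= out_len) {
        out[0] = '\0';                       /* never hand back a truncated command */
        return -2;
    }
    return 0;
}

/* Hypothetical handler body using the same 132-byte stack buffer. */
int handle_multi_apn_pin(const char *pincode)
{
    char cmd[APN_BUF_LEN];
    return format_pin_cmd(cmd, sizeof cmd, pincode);
}

int main(void)
{
    char big[301];                           /* constructed oversized input */
    memset(big, 'A', 300);
    big[300] = '\0';
    printf("valid=%d oversized=%d\n", handle_multi_apn_pin("1234"), handle_multi_apn_pin(big));
    return 0;
}
```

Rejecting the field before formatting keeps the handler's behaviour defined for any request size, and the snprintf() return check catches truncation if the buffer or format string changes later.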

Exploit

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2025-68706

Affected Products: Goahead-Webs, Kuwfi 4G Lte Ac900