CVE-2024-53945 | THREATINT

Description

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).

PUBLISHED Reserved 2024-11-25 | Published 2025-08-14 | Updated 2025-08-14 | Assigner mitre

References

kuwfi.com/...-hotspot-64-user-with-gigabit-wan-lan-rj11-port

github.com/actuator/cve/tree/main/Kuwfi

github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53945.txt

cve.org (CVE-2024-53945)

nvd.nist.gov (CVE-2024-53945)

Download JSON