Description
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.
References
kuwfi.com/...-hotspot-64-user-with-gigabit-wan-lan-rj11-port
github.com/actuator/cve/tree/main/Kuwfi
github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53946.txt
