Description
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.
References
github.com/actuator/cve/tree/main/Kuwfi
kuwfi.com/...sers-portable-5g-wifi-router-with-sim-card-slot
drive.proton.me/urls/9EB08033PW
github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43988.txt
