CVE-2024-53945
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kuwfi | 4g_ac900_lte_router | 1.0.13 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the KuWFi 4G AC900 LTE router version 1.0.13. It allows an authenticated attacker to perform command injection on specific HTTP API endpoints (/goform/formMultiApnSetting and /goform/atCmd). By injecting shell metacharacters into parameters like pincode and cmds, the attacker can execute arbitrary operating system commands with root privileges.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to full system compromise of the affected router. An attacker could gain root-level control, potentially enabling remote access features such as telnet, which could allow further unauthorized access and control over the device and network.