CVE-2024-53946
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-15

Assigner: MITRE

Description
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-14
Last Modified
2025-08-15
Generated
2026-05-27
AI Q&A
2025-08-14
EPSS Evaluated
2026-05-25
NVD
CVE-2024-53946
EUVD
EUVD-2024-54880
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kuwfi 4g_lte_ac900_router 1.0.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The KuWFi 4G LTE AC900 router version 1.0.13 has a Cross-Site Request Forgery (CSRF) vulnerability in its web management interface. This means an attacker can trick an authenticated admin user into unknowingly performing unauthorized actions, such as exploiting a command injection vulnerability in a specific router function (/goform/formMultiApnSetting).


How can this vulnerability impact me? :

This vulnerability can allow an attacker to make unauthorized configuration changes to the router by exploiting the admin user's authenticated session. This could lead to compromised router settings, potential network security breaches, and unauthorized control over the device.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart