← back
CVE-2024-53945

CVE-2024-53945

CVSS 8.8 HIGHEPSS 19.0%CWE-77
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 19.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53945.txthttps://github.com/actuator/cve/tree/main/Kuwfihttps://kuwfi.com/products/kuwfi-gigabit-wireless-router-4g-lte-wifi-router-dual-band-portable-wifi-modem-hotspot-64-user-with-gigabit-wan-lan-rj11-port