CVE-2025-43988
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/actuator/cve/tree/main/Kuwfi
- https://kuwfi.com/products/nsa-sa-25gbps-kuwfi-6000mah-wifi-router-5g-dual-band-128users-portable-5g-wifi-router-with-sim-card-slot
- https://drive.proton.me/urls/9EB08033PW#2b7dTc2x705W
- https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43988.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.