An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Kuwfi
Kuwfi gc111
Vendors & Products Kuwfi
Kuwfi gc111

Fri, 15 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Description An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-15T12:59:07.594Z

Reserved: 2025-04-21T00:00:00.000Z

Link: CVE-2025-43984

cve-icon Vulnrichment

Updated: 2025-08-15T12:47:11.106Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-14T14:15:31.210

Modified: 2025-08-15T13:15:31.110

Link: CVE-2025-43984

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-16T21:41:17Z