Vulnerability Description
The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53946.txt
- https://github.com/actuator/cve/tree/main/Kuwfi
- https://kuwfi.com/products/kuwfi-gigabit-wireless-router-4g-lte-wifi-router-dual
FAQ
What is CVE-2024-53946?
CVE-2024-53946 is a vulnerability with a CVSS score of 8.8 (HIGH). The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into...
How severe is CVE-2024-53946?
CVE-2024-53946 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-53946?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.