CVE-2025-68706
CRITICAL
9,8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory, crash the web server, and (under certain conditions) may enable arbitrary code execution.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0010
Percentile
0,3th
Updated
EPSS Score Trend (Last 77 Days)
121
Stack-based Buffer Overflow
DraftCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Other
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Other
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Operating System
Ac900 Firmware by Kuwfi
CPE Identifier
View Detailed Analysis
cpe:2.3:o:kuwfi:ac900_firmware:1.0.13:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://drive.proton.me/urls/HJCJYAC7JM#XtHcm3P7QaYk
https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-68706.txt
https://github.com/actuator/cve/tree/main/Kuwfi
https://kuwfi.com/products/kuwfi-gigabit-wireless-router-4g-lte-wifi-router-dua…