CVE-2025-43986

KuWFi · GC111

The KuWFi GC111 router has an enabled TELNET service exposed over the WAN interface without authentication, allowing unauthorized remote access.

Executive summary

A critical security flaw in KuWFi GC111 devices exposes an unauthenticated TELNET service via the WAN interface, permitting full remote device control.

Vulnerability

This is an authentication bypass and improper configuration vulnerability: the TELNET management service is enabled by default and exposed on the public-facing WAN interface. An unauthenticated attacker can establish a remote session with the device without providing credentials.

Business impact

The ability for an attacker to gain unauthenticated remote access to network infrastructure is catastrophic. With a CVSS score of 9.8, this vulnerability allows for complete device takeover, traffic interception, or the use of the router as a pivot point into the local network. Such a compromise threatens the integrity and availability of all connected business operations.

Remediation

Immediate Action: Disable the TELNET service via the device management interface and ensure that management services are accessible only from trusted local networks.

Proactive Monitoring: Audit network traffic for any unexpected incoming connections on TCP port 23 (TELNET) from external sources.

Compensating Controls: Apply a firewall rule to block all incoming traffic on the WAN interface destined for management ports (TELNET, SSH, Web UI) of the device.
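
One way to carry out the Proactive Monitoring step, as an added example that is not part of the original advisory: the script below scans Linux netfilter LOG lines and counts new inbound TCP port 23 connection attempts per external source. It assumes an upstream Linux firewall or sensor logs WAN traffic in that format; the log lines, interface names and addresses are constructed, and the trusted ranges are an assumption to adjust.

```python
import ipaddress
import re
from collections import Counter

# Assumption: "trusted local networks" means RFC 1918 space plus loopback.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a LOG line

# Constructed sample: host, prefixes, interfaces and addresses are made up.
SAMPLE_LOG = """\
Jan 10 03:14:07 gw kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=49 DF PROTO=TCP SPT=51544 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 03:14:09 gw kernel: WAN-IN IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.10 LEN=60 TTL=49 DF PROTO=TCP SPT=51546 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 03:15:40 gw kernel: LAN-IN IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TTL=64 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 10 03:16:02 gw kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=44321 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 03:17:30 gw kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 LEN=60 TTL=52 DF PROTO=TCP SPT=44400 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 03:18:11 gw kernel: WAN-IN IN=eth0 OUT= SRC=192.0.2.91 DST=203.0.113.10 LEN=52 TTL=47 DF PROTO=TCP SPT=40210 DPT=23 WINDOW=501 RES=0x00 ACK PSH URGP=0
"""

def external_telnet_attempts(log_text, wan_iface="eth0"):
    """Count new inbound TCP/23 connection attempts per untrusted source."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        flags = set(line.split())  # TCP flags appear as bare tokens
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "23":
            continue
        if fields.get("IN") != wan_iface:
            continue  # only traffic arriving on the WAN side
        if "SYN" not in flags or "ACK" in flags:
            continue  # only the first packet of a new connection
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or truncated line
        if any(src in net for net in TRUSTED_NETS):
            continue
        hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for src, n in external_telnet_attempts(SAMPLE_LOG).most_common():
        print(f"{src}: {n} new TELNET connection attempt(s) from outside")
```
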

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability represents a total failure of perimeter security for the affected devices. Operators must disable the exposed TELNET service immediately and verify that no other management services are accessible from the internet to maintain the security of the network.