CVE-2025-43986
KuWFi · GC111
The KuWFi GC111 router has an enabled TELNET service exposed over the WAN interface without authentication, allowing unauthorized remote access.
Executive summary
A critical security flaw in KuWFi GC111 devices exposes an unauthenticated TELNET service via the WAN interface, permitting full remote device control.
Vulnerability
This is an authentication bypass and improper configuration vulnerability where the TELNET management service is enabled by default and exposed to the public-facing WAN interface. An unauthenticated attacker can establish a remote session to the device without providing credentials.
Business impact
Unauthenticated remote access to network infrastructure is catastrophic. The vulnerability carries a CVSS score of 9.8 and allows complete device takeover, traffic interception, or use of the router as a pivot point into the local network. Such a compromise threatens the integrity and availability of all connected business operations.
Remediation
Immediate Action: Disable the TELNET service via the device management interface and ensure that management services are only accessible from trusted local networks.
Proactive Monitoring: Audit network traffic for any unexpected incoming connections on TCP port 23 (TELNET) from external sources.
Compensating Controls: Apply a firewall rule to block all incoming traffic on the WAN interface destined for management ports (TELNET, SSH, Web UI) of the device.
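One way to carry out the Proactive Monitoring audit, as an added example that is not part of the original advisory or any vendor tooling. It assumes an upstream firewall that writes netfilter LOG style lines; the sample log, the interface names, the trusted network 192.168.1.0/24 and the function name are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only trusted management network is this LAN range.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# TELNET per the advisory; widen with SSH / Web UI ports as used on your device.
MGMT_PORTS = {23}
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
Jan 10 03:12:01 fw kernel: IN=wan0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=51514 DPT=23 SYN
Jan 10 03:12:02 fw kernel: IN=wan0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=51515 DPT=23 SYN
Jan 10 03:12:05 fw kernel: IN=lan0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=40222 DPT=23 SYN
Jan 10 03:13:40 fw kernel: IN=wan0 OUT= SRC=198.51.100.99 DST=198.51.100.10 PROTO=TCP SPT=33000 DPT=443 SYN
Jan 10 03:14:11 fw kernel: IN=wan0 OUT= SRC=2001:db8::5 DST=2001:db8::1 PROTO=TCP SPT=40000 DPT=23 SYN
Jan 10 03:15:00 fw kernel: IN=wan0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=UDP SPT=5353 DPT=23
truncated line without fields
"""


def external_mgmt_hits(log_text, trusted=TRUSTED_NETS, ports=MGMT_PORTS):
    """Count TCP attempts to management ports from sources outside trusted nets."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or not fields.get("DPT", "").isdigit():
            continue  # TELNET is TCP; skip other protocols and malformed lines
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # missing or unparsable source address
        dport = int(fields["DPT"])
        # An explicit allow-list is used instead of is_private, which also
        # treats documentation and other special-purpose ranges as private.
        if dport in ports and not any(src in net for net in trusted):
            hits[(str(src), dport)] += 1
    return hits


if __name__ == "__main__":
    for (src, dport), count in external_mgmt_hits(SAMPLE_LOG).most_common():
        print(f"{src} -> tcp/{dport}: {count} attempt(s) from outside trusted networks")
```

Any non-empty result after TELNET has been disabled and the WAN block rule applied means external hosts are still probing the port and the rule's counters should be checked.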
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability represents a total failure of perimeter security for the affected devices. Operators must disable the exposed TELNET service immediately and verify that no other management services are accessible from the internet to maintain the security of the network.