CVE-2025-43984

KuWFi · GC111

KuWFi GC111 devices are vulnerable to an unauthenticated command execution flaw within the /goform/goform_set_cmd_process endpoint.

Executive summary

A critical unauthenticated command execution vulnerability in KuWFi GC111 devices poses a severe risk of full system compromise.

Vulnerability

This is a command injection vulnerability located in the /goform/goform_set_cmd_process interface, which allows an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system.

Business impact

With a CVSS score of 9.8, this vulnerability represents a critical risk, as it allows complete administrative control over the affected hardware. Successful exploitation could lead to total device takeover, lateral movement within the network, and the potential exfiltration of sensitive traffic data handled by the device.

Remediation

Immediate Action: Check the manufacturer's portal for firmware updates addressing the /goform/goform_set_cmd_process vulnerability and apply them immediately.

Proactive Monitoring: Monitor network traffic for unusual POST requests directed at the /goform/goform_set_cmd_process endpoint and review system logs for unauthorized command execution patterns.

Compensating Controls: Deploy a Web Application Firewall (WAF) or strict perimeter firewall rules to restrict access to the device's management interface to trusted IP addresses only.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Given the critical CVSS severity and the ease of access via unauthenticated endpoints, administrators must prioritize the remediation of these devices. If a vendor patch is unavailable, isolating these devices from the public internet is the only effective way to prevent exploitation.