CVE-2025-43988

KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
mitreCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://drive.proton.me/urls/9EB08033PW#2b7dTc2x705W
https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43988.txt
https://github.com/actuator/cve/tree/main/Kuwfi
https://kuwfi.com/products/nsa-sa-25gbps-kuwfi-6000mah-wifi-router-5g-dual-band-128users-portable-5g-wifi-router-with-sim-card-slot