CVE-2024-53945
Published: 14 August 2025
Summary
CVE-2024-53945 is a high-severity Command Injection (CWE-77) vulnerability in Kuwfi (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 35.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents command injection by requiring validation of inputs to vulnerable HTTP API endpoints like /goform/formMultiApnSetting and /goform/atCmd to reject shell metacharacters.
Mandates timely flaw remediation, such as applying firmware patches for CVE-2024-53945, to eliminate the command injection vulnerability.
Restricts information inputs at API parameters like pincode and cmds to authorized formats, blocking shell metacharacters and preventing arbitrary command execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in network-exposed HTTP API endpoints directly enables remote OS command execution as root from low-privilege authenticated access.
NVD Description
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
Deeper analysis
CVE-2024-53945 is a command injection vulnerability (CWE-77) affecting the KuWFi 4G AC900 LTE router running firmware version 1.0.13. The flaw exists in the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd, where shell metacharacters injected into parameters such as pincode and cmds are executed as arbitrary OS commands with root privileges. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An authenticated attacker with low privileges and network access to the router can exploit this vulnerability without user interaction. Successful exploitation allows execution of arbitrary commands as root, leading to full system compromise. Attackers can achieve outcomes such as enabling remote access services like telnet, granting persistent backdoor access.
Advisories and additional details are available in referenced sources, including a GitHub repository at https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2024-53945.txt and the related tree at https://github.com/actuator/cve/tree/main/Kuwfi, as well as the product page at https://kuwfi.com/products/kuwfi-gigabit-wireless-router-4g-lte-wifi-router-dual-band-portable-wifi-modem-hotspot-64-user-with-gigabit-wan-lan-rj11-port. No specific patch or mitigation guidance is detailed in the provided information.
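As an added illustration of the SI-10 input validation control listed above (example code written for this page, not taken from the KuWFi firmware or the referenced advisory): an allowlist check for the pincode parameter that accepts only 4 to 8 digits, contrasted with a weaker metacharacter denylist, and an argv builder that hands the value to a helper program without ever passing it through a shell. The PIN length bounds and the /usr/bin/set_apn_pin helper path are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Allowlist check for the SIM "pincode" parameter. A SIM PIN is assumed here
 * to be 4 to 8 decimal digits, so every other byte, including each shell
 * metacharacter, is rejected before the value reaches any command. */
bool pincode_is_valid(const char *s) {
    if (s == NULL) return false;
    size_t n = strlen(s);
    if (n < 4 || n > 8) return false;
    for (size_t i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return false;
    }
    return true;
}

/* Denylist check, included only to contrast with the allowlist: it catches the
 * usual metacharacters but misses anything not on the list (other control
 * bytes, alternate encodings), which is why SI-10 favours allowlists. */
bool contains_shell_metachar(const char *s) {
    static const char meta[] = ";|&$`<>()\\\"'\n";
    return s != NULL && strpbrk(s, meta) != NULL;
}

/* Build an argv for the backend helper instead of formatting a shell command
 * line: the parameter becomes one argument and is never parsed by a shell.
 * "/usr/bin/set_apn_pin" is a hypothetical helper name for this example.
 * Returns the argument count, or -1 when the input fails validation. */
int build_argv(const char *pincode, const char *argv_out[], size_t argv_cap) {
    if (argv_cap < 4) return -1;
    if (!pincode_is_valid(pincode)) return -1;
    argv_out[0] = "/usr/bin/set_apn_pin";
    argv_out[1] = "--pin";
    argv_out[2] = pincode;   /* passed verbatim, no shell interpretation */
    argv_out[3] = NULL;
    return 3;
}
```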
Details
- CWE(s)