Cyber Posture

CVE-2025-43986

Critical

Published: 13 August 2025

Modified
15 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (31.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43986 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Kuwfi (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). The CVE ranks at the 31.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and CM-7 (Least Functionality).

Threat & Defense at a Glance

What attackers do: exploitation maps to External Remote Services (T1133). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Mandates prohibiting unnecessary services, such as a TELNET service enabled by default, directly preventing exposure and exploitation.

prevent: Restricts public access to specific ports, protocols, and services, such as unauthenticated TELNET on WAN interfaces.

prevent: Establishes authorization and usage restrictions for remote access mechanisms such as exposed TELNET, preventing unauthorized connections.

MITRE ATT&CK Enterprise Techniques [AI]

T1133 External Remote Services (Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Why these techniques?

Default unauthenticated Telnet exposure on WAN directly enables External Remote Services (T1133) for initial access and command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.

Deeper analysis [AI]

CVE-2025-43986, published on 2025-08-13, affects KuWFi GC111 devices running firmware version GC111-GL-LM321_V3.0_20191211. The vulnerability stems from the TELNET service being enabled by default and exposed over the WAN interface without authentication, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

Any unauthenticated attacker with network access to the device's WAN interface can exploit this vulnerability. By connecting directly to the exposed TELNET port, attackers can achieve high-impact unauthorized access, potentially obtaining sensitive information, executing arbitrary commands, modifying configurations, or disrupting device operations, leading to full confidentiality, integrity, and availability impacts.

Advisories and further details are available in the referenced GitHub repositories at https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43986.txt and https://github.com/actuator/cve/tree/main/kuwfi, along with the product page at https://www.kuwfi.com/products/300mbps-industrial-router-cat4-4g-cpe-router-extender-strong-wifi-signal-suport-32wifi-users-with-sim-card-slot-95. No specific patch or mitigation guidance is detailed in the provided CVE information.

Details

CWE(s)

Affected Products

Kuwfi
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-24870 (shared CWE-200)
CVE-2026-4020 (shared CWE-200)
CVE-2025-21620 (shared CWE-200)
CVE-2025-62188 (shared CWE-200)
CVE-2024-13562 (shared CWE-200)
CVE-2024-57716 (shared CWE-200)
CVE-2026-27161 (shared CWE-200)
CVE-2026-21260 (shared CWE-200)
CVE-2025-24102 (shared CWE-200)
CVE-2024-12142 (shared CWE-200)

References