CVE-2025-68706
Published: 29 December 2025
Summary
CVE-2025-68706 is a critical-severity stack-based buffer overflow (CWE-121) vulnerability in KuWFi AC900 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-68706 is a stack-based buffer overflow vulnerability in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware version 1.0.13. The issue resides in the /goform/formMultiApnSetting handler, which employs sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer without bounds checking, as classified under CWE-121 (Stack-based Buffer Overflow). Published on 2025-12-29, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated attacker with network access can exploit this vulnerability by submitting a specially crafted HTTP request containing an overly long pincode parameter. This triggers the buffer overflow, corrupting adjacent stack memory and enabling denial of service via web server crashes. Under certain conditions, the overflow may facilitate arbitrary code execution.
Advisories and additional details are available via the provided references, including a technical report at https://drive.proton.me/urls/HJCJYAC7JM#XtHcm3P7QaYk, exploit details at https://github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-68706.txt, a related repository at https://github.com/actuator/cve/tree/main/Kuwfi, and product information at https://kuwfi.com/products/kuwfi-gigabit-wireless-router-4g-lte-wifi-router-dual-band-portable-wifi-modem-hotspot-64-user-with-gigabit-wan-lan-rj11-port. No specific patches or mitigations are detailed in the primary description.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205631
Vulnerability details
A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory and crash the web server and, under certain conditions, may enable arbitrary code execution.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated stack-based buffer overflow in public-facing HTTP daemon (/goform/formMultiApnSetting) exploitable via crafted HTTP request for DoS or potential RCE, directly enabling T1190: Exploit Public-Facing Application.
Mitigating Controls (NIST 800-53 r5)
Requires validation and bounds checking of user-supplied pincode input to prevent stack buffer overflow in the /goform/formMultiApnSetting handler.
Provides memory protection mechanisms such as stack canaries and non-executable stacks to block exploitation of the stack-based buffer overflow.
Ensures timely flaw remediation by patching the unsafe sprintf usage without bounds checks in the GoAhead-Webs HTTP daemon.
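The input validation and bounded copy these controls call for, sketched as an added example; this is not the vendor's firmware code or a published patch. The function names, the "pincode=%s" format string and the assumption that pincode is a 4 to 8 digit SIM PIN are hypothetical; only the 132-byte buffer size and the sprintf() pattern come from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 132   /* stack buffer size stated in the advisory */
#define PIN_MIN 4         /* assumption: pincode is a SIM PIN of 4-8 digits */
#define PIN_MAX 8
/* Pattern the advisory describes (comment only; format string is hypothetical):
 *     char buf[132];
 *     sprintf(buf, "pincode=%s", pincode);    no bound on pincode length
 */

/* Allow-list validation: returns 1 only for PIN_MIN..PIN_MAX ASCII digits. */
int pincode_is_valid(const char *pin)
{
    size_t i;
    if (pin == NULL)
        return 0;
    for (i = 0; pin[i] != '\0'; i++) {
        if (i >= PIN_MAX || pin[i] < '0' || pin[i] > '9')
            return 0;              /* too long or non-digit: stop early */
    }
    return i >= PIN_MIN;
}

/* Bounded replacement for the sprintf() call. Returns bytes written,
 * or -1 if the input is rejected or the output would not fit. */
int format_pin_setting(char *out, size_t out_len, const char *pin)
{
    if (out == NULL || out_len == 0 || !pincode_is_valid(pin))
        return -1;
    int n = snprintf(out, out_len, "pincode=%s", pin);
    if (n < 0 || (size_t)n >= out_len) {   /* treat truncation as an error */
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[CMD_BUF_LEN];
    char oversized[512];                          /* constructed test input */
    memset(oversized, '1', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid pin  -> %d\n", format_pin_setting(buf, sizeof buf, "1234"));
    printf("oversized  -> %d\n", format_pin_setting(buf, sizeof buf, oversized));
    printf("non-digits -> %d\n", format_pin_setting(buf, sizeof buf, "12;4"));
    return 0;
}
```

Building with GCC's `-fstack-protector-strong` and linking with `-Wl,-z,noexecstack` adds the stack canary and non-executable stack protections named under memory protection, as defence in depth behind the validation.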