CVE-2025-68706 in 4G LTE AC900 Routerالمعلومات

الملخص

بحسب MITRE • 29/12/2025

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory, crash the web server, and (under certain conditions) may enable arbitrary code execution.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

MITRE

حجز

24/12/2025

إفشاء

29/12/2025

الاعتدال

تمت الموافقة

إدخال

VDB-338697

CPE

جاهز

CWE

CWE-121 (مؤكد)

CVSS

5.0 (VulDB)

EPSS

0.00185

KEV

لا

النشاطات

منخفض جدًا

القطاع

Police, Insurance, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-68706
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-68706
CVE Details	https://www.cvedetails.com/cve/CVE-2025-68706/

التالي ▸نظرة عامة ◂ السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!