Security Advisory

CVE-2025-43983

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-14 00:00:00

Last updated 2025-08-15 12:58:59

Assigner mitre

State PUBLISHED

Description

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages.

← Browse all CVEs View on cve.org ↗