KuWFi GC111 Telnet Service Exposure Vulnerability Allowing Remote Access and Privilege Escalation

A vulnerability exists in KuWFi GC111 devices running the GC111-GL-LM321_V3.0_20191211 firmware. The issue arises because the TELNET service is enabled by default, accessible over the WAN interface, and does not require authentication. This configuration allows remote access to the device with root privileges. Additionally, there is no option in the device's graphical user interface to disable the TELNET service, leaving the device persistently vulnerable to unauthorized access and privilege escalation.

Impact

Exploitation of this vulnerability allows for remote access to the device via the TELNET service with root privileges, without the need for authentication. This access could be used to execute commands on the device, potentially leading to unauthorized changes or access to sensitive information. Furthermore, according to the vulnerability description, this issue could be exploited to cause a denial-of-service.