KuWFi 5G01-X55 Unauthenticated API Endpoint Vulnerability Allowing Sensitive Data Exposure

Vulnerability

A vulnerability exists in KuWFi 5G01-X55 devices running firmware FL2020_V0.0.12, where an unauthenticated API endpoint (ajax_get.cgi) allows remote attackers to access sensitive configuration information, including administrative credentials. This exposure could lead to unauthorized administrative access and potential full control over the device.

Impact

Exploitation of this vulnerability allows unauthorized retrieval of the administrator credentials and device configuration data, which in turn enables a full takeover of the affected device.

Reproduction

The vulnerability can be reproduced by sending a request to the unauthenticated API endpoint ajax_get.cgi with the parameter which_ajax set to 'database' and the parameter pram set to 'web_admin_password'. The device answers with the web admin password without requiring any authentication, exposing the administrative credentials to anyone who can reach the web interface.
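The following is an added example, not code from this entry or from the vendor. It builds the probe URL exactly as described above and, more usefully for defenders, scans web-server access logs for requests matching the pattern (ajax_get.cgi with which_ajax=database), treating a 200 response to a pram=web_admin_password query as a likely credential read. It assumes the parameters travel in the query string and that logs are in the common/combined access-log format; the sample log lines and the value some_other_key are constructed for illustration.

```python
"""Detect requests matching the KuWFi 5G01-X55 ajax_get.cgi credential-exposure pattern.

Added example; not vendor code and not code from the advisory entry.
Assumes parameters are sent in the query string (visible in access logs) and
that the log is in common/combined access-log format.
"""
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint and parameter names as stated in the entry.
ENDPOINT = "ajax_get.cgi"
SELECTOR_PARAM = "which_ajax"
KEY_PARAM = "pram"
SENSITIVE_KEYS = {"web_admin_password"}  # only key the entry documents

# Common/combined access-log line: src ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def probe_url(base_url):
    """Return the unauthenticated request URL described in the entry (no request is sent)."""
    query = urlencode({SELECTOR_PARAM: "database", KEY_PARAM: "web_admin_password"})
    return base_url.rstrip("/") + "/" + ENDPOINT + "?" + query


def classify_request(target):
    """Classify a request target: None, 'database-read' or 'credential-read'."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT and not parts.path.endswith("/" + ENDPOINT):
        return None
    qs = parse_qs(parts.query)
    if qs.get(SELECTOR_PARAM) != ["database"]:
        return None
    if set(qs.get(KEY_PARAM, [])) & SENSITIVE_KEYS:
        return "credential-read"
    return "database-read"


def scan_log(lines):
    """Return (src, timestamp, kind, severity, target) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        kind = classify_request(m["target"])
        if kind is None:
            continue
        # A served (200) read of the admin password is the case the entry describes.
        severity = "high" if kind == "credential-read" and m["status"] == "200" else "medium"
        hits.append((m["src"], m["ts"], kind, severity, m["target"]))
    return hits


# Constructed sample log lines (not real traffic); 'some_other_key' is a hypothetical value.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Aug/2025:20:25:01 +0000] "GET /ajax_get.cgi?which_ajax=database'
    '&pram=web_admin_password HTTP/1.1" 200 48 "-" "curl/8.0"',
    '198.51.100.7 - - [13/Aug/2025:20:25:03 +0000] "GET /ajax_get.cgi?which_ajax=database'
    '&pram=some_other_key HTTP/1.1" 200 21 "-" "curl/8.0"',
    '192.0.2.10 - - [13/Aug/2025:20:26:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [13/Aug/2025:20:27:00 +0000] "GET /ajax_get.cgi?which_ajax=status HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(probe_url("http://192.0.2.1"))
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

If the device accepts the same parameters in a POST body, plain access logs will not show them; in that case the detection has to run on a reverse proxy or WAF that logs request bodies, or on the wire. Any database read from a source that never authenticated is worth alerting on, not only the password key, since the entry states the endpoint exposes configuration data more broadly.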

Added: Aug 13, 2025, 8:25 PM
Updated: Aug 13, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.