Search

Find a vulnerability

Search criteria

    17 vulnerabilities found for AC-WPSM-11ac-P by Inaba Denki Sangyo Co., Ltd.

    CVE-2025-29870 (GCVE-0-2025-29870)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:16:49.042202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:24:24.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:35.579Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-29870",
        "datePublished": "2025-04-09T09:03:35.579Z",
        "dateReserved": "2025-03-24T07:21:16.404Z",
        "dateUpdated": "2025-04-10T14:24:24.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27934 (GCVE-0-2025-27934)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
    VLAI
    Summary
    Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:19:54.967646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:20:29.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:32.130Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27934",
        "datePublished": "2025-04-09T09:03:32.130Z",
        "dateReserved": "2025-03-24T07:21:24.473Z",
        "dateUpdated": "2025-04-09T14:20:29.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27797 (GCVE-0-2025-27797)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
    VLAI
    Summary
    OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:43:52.062993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:57:13.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:29.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27797",
        "datePublished": "2025-04-09T09:03:29.067Z",
        "dateReserved": "2025-03-24T07:21:23.496Z",
        "dateUpdated": "2025-04-09T14:57:13.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27722 (GCVE-0-2025-27722)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
    VLAI
    Summary
    Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:05:43.543317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:07:39.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext transmission of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:26.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27722",
        "datePublished": "2025-04-09T09:03:26.029Z",
        "dateReserved": "2025-03-24T07:21:19.872Z",
        "dateUpdated": "2025-04-09T15:07:39.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25213 (GCVE-0-2025-25213)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:06:42.413898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:07:57.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:20.081Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25213",
        "datePublished": "2025-04-09T09:03:20.081Z",
        "dateReserved": "2025-03-24T07:21:15.552Z",
        "dateUpdated": "2025-04-09T17:07:57.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25056 (GCVE-0-2025-25056)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:20.262542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:13:41.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:14.758Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25056",
        "datePublished": "2025-04-09T09:03:14.758Z",
        "dateReserved": "2025-03-24T07:21:25.344Z",
        "dateUpdated": "2025-04-09T17:13:41.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25053 (GCVE-0-2025-25053)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
    VLAI
    Summary
    OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:55.951870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:15:44.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:09.322Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25053",
        "datePublished": "2025-04-09T09:03:09.322Z",
        "dateReserved": "2025-03-24T07:21:17.509Z",
        "dateUpdated": "2025-04-09T17:15:44.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23407 (GCVE-0-2025-23407)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
    VLAI
    Summary
    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:16:09.848050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:16:29.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect privilege assignment",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:03.197Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-23407",
        "datePublished": "2025-04-09T09:03:03.197Z",
        "dateReserved": "2025-03-24T07:21:22.106Z",
        "dateUpdated": "2025-04-09T17:16:29.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29870 (GCVE-0-2025-29870)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:16:49.042202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:24:24.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:35.579Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-29870",
        "datePublished": "2025-04-09T09:03:35.579Z",
        "dateReserved": "2025-03-24T07:21:16.404Z",
        "dateUpdated": "2025-04-10T14:24:24.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27934 (GCVE-0-2025-27934)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
    VLAI
    Summary
    Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:19:54.967646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:20:29.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:32.130Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27934",
        "datePublished": "2025-04-09T09:03:32.130Z",
        "dateReserved": "2025-03-24T07:21:24.473Z",
        "dateUpdated": "2025-04-09T14:20:29.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27797 (GCVE-0-2025-27797)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
    VLAI
    Summary
    OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:43:52.062993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:57:13.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:29.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27797",
        "datePublished": "2025-04-09T09:03:29.067Z",
        "dateReserved": "2025-03-24T07:21:23.496Z",
        "dateUpdated": "2025-04-09T14:57:13.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27722 (GCVE-0-2025-27722)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
    VLAI
    Summary
    Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:05:43.543317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:07:39.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext transmission of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:26.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27722",
        "datePublished": "2025-04-09T09:03:26.029Z",
        "dateReserved": "2025-03-24T07:21:19.872Z",
        "dateUpdated": "2025-04-09T15:07:39.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25213 (GCVE-0-2025-25213)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:06:42.413898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:07:57.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:20.081Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25213",
        "datePublished": "2025-04-09T09:03:20.081Z",
        "dateReserved": "2025-03-24T07:21:15.552Z",
        "dateUpdated": "2025-04-09T17:07:57.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25056 (GCVE-0-2025-25056)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:20.262542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:13:41.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:14.758Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25056",
        "datePublished": "2025-04-09T09:03:14.758Z",
        "dateReserved": "2025-03-24T07:21:25.344Z",
        "dateUpdated": "2025-04-09T17:13:41.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25053 (GCVE-0-2025-25053)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
    VLAI
    Summary
    OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:55.951870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:15:44.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:09.322Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25053",
        "datePublished": "2025-04-09T09:03:09.322Z",
        "dateReserved": "2025-03-24T07:21:17.509Z",
        "dateUpdated": "2025-04-09T17:15:44.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23407 (GCVE-0-2025-23407)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
    VLAI
    Summary
    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:16:09.848050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:16:29.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect privilege assignment",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:03.197Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-23407",
        "datePublished": "2025-04-09T09:03:03.197Z",
        "dateReserved": "2025-03-24T07:21:22.106Z",
        "dateUpdated": "2025-04-09T17:16:29.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-002990

    Vulnerability from jvndb - Published: 2025-04-07 17:44 - Updated:2025-04-07 17:44
    Severity
    Summary
    Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
    Details
    Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.
    • Incorrect privilege assignment in the WEB UI (the setting page) (CWE-266) - CVE-2025-23407
    • OS command injection in the WEB UI (the setting page) (CWE-78) - CVE-2025-25053
    • Cross-site request forgery (CWE-352) - CVE-2025-25056
    • Improper restriction of rendered UI layers or frames (CWE-1021) - CVE-2025-25213
    • Cleartext transmission of sensitive information (CWE-319) - CVE-2025-27722
    • OS command injection in the specific service (CWE-78) - CVE-2025-27797
    • Information disclosure of authentication information in the specific service (CWE-497) - CVE-2025-27934
    • Missing authentication for critical function (CWE-306) - CVE-2025-29870
    Inaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
      "dc:date": "2025-04-07T17:44+09:00",
      "dcterms:issued": "2025-04-07T17:44+09:00",
      "dcterms:modified": "2025-04-07T17:44+09:00",
      "description": "Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027 provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003e\u003cb\u003eIncorrect privilege assignment in the WEB UI (the setting page) (CWE-266)\u003c/b\u003e - CVE-2025-23407\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the WEB UI (the setting page) (CWE-78)\u003c/b\u003e - CVE-2025-25053\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCross-site request forgery (CWE-352)\u003c/b\u003e - CVE-2025-25056\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eImproper restriction of rendered UI layers or frames (CWE-1021)\u003c/b\u003e - CVE-2025-25213\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCleartext transmission of sensitive information (CWE-319)\u003c/b\u003e - CVE-2025-27722\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the specific service (CWE-78)\u003c/b\u003e - CVE-2025-27797\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eInformation disclosure of authentication information in the specific service (CWE-497)\u003c/b\u003e - CVE-2025-27934\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eMissing authentication for critical function (CWE-306)\u003c/b\u003e - CVE-2025-29870\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nInaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:inaba:ac-pd-wps-11ac-p_firmware",
          "@product": "AC-PD-WPS-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-pd-wps-11ac_firmware",
          "@product": "AC-PD-WPS-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wps-11ac-p_firmware",
          "@product": "AC-WPS-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wps-11ac_firmware",
          "@product": "AC-WPS-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wpsm-11ac-p_firmware",
          "@product": "AC-WPSM-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wpsm-11ac_firmware",
          "@product": "AC-WPSM-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-002990",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93925742/index.html",
          "@id": "JVNVU#93925742",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-23407",
          "@id": "CVE-2025-23407",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25053",
          "@id": "CVE-2025-25053",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25056",
          "@id": "CVE-2025-25056",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25213",
          "@id": "CVE-2025-25213",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27722",
          "@id": "CVE-2025-27722",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27797",
          "@id": "CVE-2025-27797",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27934",
          "@id": "CVE-2025-27934",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-29870",
          "@id": "CVE-2025-29870",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1021.html",
          "@id": "CWE-1021",
          "@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/266.html",
          "@id": "CWE-266",
          "@title": "Incorrect Privilege Assignment(CWE-266)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/319.html",
          "@id": "CWE-319",
          "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/497.html",
          "@id": "CWE-497",
          "@title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027"
    }