Search

Find a vulnerability

Search criteria

    41 vulnerabilities by Inaba Denki Sangyo Co., Ltd.

    JVNDB-2025-022062

    Vulnerability from jvndb - Published: 2025-12-17 11:28 - Updated:2025-12-17 11:28
    Severity
    Summary
    Multiple vulnerabilities in CHOCO TEI WATCHER mini
    Details
    CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
    • Clickjacking (CWE-1021) - CVE-2025-59479
    • Improper check for unusual conditions (CWE-754) - CVE-2025-61976
    • Improper check for unusual conditions (CWE-754) - CVE-2025-66357
    JTEKT ELECTRONICS Quality Control Dept. reported these vulnerabilities to Inaba Denki Sangyo Co., Ltd. and coordinated. After the coordination was completed, Inaba Denki Sangyo Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
      "dc:date": "2025-12-17T11:28+09:00",
      "dcterms:issued": "2025-12-17T11:28+09:00",
      "dcterms:modified": "2025-12-17T11:28+09:00",
      "description": "CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eClickjacking (CWE-1021) - CVE-2025-59479\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-61976\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-66357\u003c/li\u003e\u003c/ul\u003eJTEKT ELECTRONICS Quality Control Dept. reported these vulnerabilities to Inaba Denki Sangyo Co., Ltd. and coordinated. After the coordination was completed, Inaba Denki Sangyo Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
      "sec:cpe": {
        "#text": "cpe:/o:inaba:choco_tei_watcher_mini",
        "@product": "CHOCO TEI WATCHER mini (IB-MCT001)",
        "@vendor": "INABA DENKI SANGYO CO., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.5",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-022062",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU92827367/index.html",
          "@id": "JVNVU#92827367",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-59479",
          "@id": "CVE-2025-59479",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-61976",
          "@id": "CVE-2025-61976",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-66357",
          "@id": "CVE-2025-66357",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1021.html",
          "@id": "CWE-1021",
          "@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/754.html",
          "@id": "CWE-754",
          "@title": "Improper Check for Unusual or Exceptional Conditions(CWE-754)"
        }
      ],
      "title": "Multiple vulnerabilities in CHOCO TEI WATCHER mini"
    }

    JVNDB-2025-002990

    Vulnerability from jvndb - Published: 2025-04-07 17:44 - Updated:2025-04-07 17:44
    Severity
    Summary
    Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
    Details
    Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.
    • Incorrect privilege assignment in the WEB UI (the setting page) (CWE-266) - CVE-2025-23407
    • OS command injection in the WEB UI (the setting page) (CWE-78) - CVE-2025-25053
    • Cross-site request forgery (CWE-352) - CVE-2025-25056
    • Improper restriction of rendered UI layers or frames (CWE-1021) - CVE-2025-25213
    • Cleartext transmission of sensitive information (CWE-319) - CVE-2025-27722
    • OS command injection in the specific service (CWE-78) - CVE-2025-27797
    • Information disclosure of authentication information in the specific service (CWE-497) - CVE-2025-27934
    • Missing authentication for critical function (CWE-306) - CVE-2025-29870
    Inaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
      "dc:date": "2025-04-07T17:44+09:00",
      "dcterms:issued": "2025-04-07T17:44+09:00",
      "dcterms:modified": "2025-04-07T17:44+09:00",
      "description": "Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027 provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003e\u003cb\u003eIncorrect privilege assignment in the WEB UI (the setting page) (CWE-266)\u003c/b\u003e - CVE-2025-23407\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the WEB UI (the setting page) (CWE-78)\u003c/b\u003e - CVE-2025-25053\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCross-site request forgery (CWE-352)\u003c/b\u003e - CVE-2025-25056\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eImproper restriction of rendered UI layers or frames (CWE-1021)\u003c/b\u003e - CVE-2025-25213\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCleartext transmission of sensitive information (CWE-319)\u003c/b\u003e - CVE-2025-27722\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the specific service (CWE-78)\u003c/b\u003e - CVE-2025-27797\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eInformation disclosure of authentication information in the specific service (CWE-497)\u003c/b\u003e - CVE-2025-27934\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eMissing authentication for critical function (CWE-306)\u003c/b\u003e - CVE-2025-29870\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nInaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:inaba:ac-pd-wps-11ac-p_firmware",
          "@product": "AC-PD-WPS-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-pd-wps-11ac_firmware",
          "@product": "AC-PD-WPS-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wps-11ac-p_firmware",
          "@product": "AC-WPS-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wps-11ac_firmware",
          "@product": "AC-WPS-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wpsm-11ac-p_firmware",
          "@product": "AC-WPSM-11ac-P",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:inaba:ac-wpsm-11ac_firmware",
          "@product": "AC-WPSM-11ac",
          "@vendor": "INABA DENKI SANGYO CO., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-002990",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93925742/index.html",
          "@id": "JVNVU#93925742",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-23407",
          "@id": "CVE-2025-23407",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25053",
          "@id": "CVE-2025-25053",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25056",
          "@id": "CVE-2025-25056",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25213",
          "@id": "CVE-2025-25213",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27722",
          "@id": "CVE-2025-27722",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27797",
          "@id": "CVE-2025-27797",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27934",
          "@id": "CVE-2025-27934",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-29870",
          "@id": "CVE-2025-29870",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1021.html",
          "@id": "CWE-1021",
          "@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/266.html",
          "@id": "CWE-266",
          "@title": "Incorrect Privilege Assignment(CWE-266)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/306.html",
          "@id": "CWE-306",
          "@title": "Missing Authentication for Critical Function(CWE-306)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/319.html",
          "@id": "CWE-319",
          "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/497.html",
          "@id": "CWE-497",
          "@title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027"
    }

    CVE-2025-66357 (GCVE-0-2025-66357)

    Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper check for unusual or exceptional conditions
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T20:38:30.843201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T20:38:43.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "Improper check for unusual or exceptional conditions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:35.968Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-66357",
        "datePublished": "2025-12-16T04:48:35.968Z",
        "dateReserved": "2025-11-27T14:15:05.859Z",
        "dateUpdated": "2025-12-16T20:38:43.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61976 (GCVE-0-2025-61976)

    Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper check for unusual or exceptional conditions
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61976",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T19:54:23.462879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T19:54:44.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "Improper check for unusual or exceptional conditions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:21.754Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-61976",
        "datePublished": "2025-12-16T04:48:21.754Z",
        "dateReserved": "2025-11-27T14:14:59.287Z",
        "dateUpdated": "2025-12-16T19:54:44.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59479 (GCVE-0-2025-59479)

    Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T20:39:03.166776Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T20:44:46.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:29.861Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-59479",
        "datePublished": "2025-12-16T04:48:29.861Z",
        "dateReserved": "2025-11-27T14:15:04.880Z",
        "dateUpdated": "2025-12-16T20:44:46.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29870 (GCVE-0-2025-29870)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:16:49.042202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:24:24.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:35.579Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-29870",
        "datePublished": "2025-04-09T09:03:35.579Z",
        "dateReserved": "2025-03-24T07:21:16.404Z",
        "dateUpdated": "2025-04-10T14:24:24.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27934 (GCVE-0-2025-27934)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
    VLAI
    Summary
    Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:19:54.967646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:20:29.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:32.130Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27934",
        "datePublished": "2025-04-09T09:03:32.130Z",
        "dateReserved": "2025-03-24T07:21:24.473Z",
        "dateUpdated": "2025-04-09T14:20:29.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27797 (GCVE-0-2025-27797)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
    VLAI
    Summary
    OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:43:52.062993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:57:13.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:29.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27797",
        "datePublished": "2025-04-09T09:03:29.067Z",
        "dateReserved": "2025-03-24T07:21:23.496Z",
        "dateUpdated": "2025-04-09T14:57:13.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27722 (GCVE-0-2025-27722)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
    VLAI
    Summary
    Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:05:43.543317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:07:39.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext transmission of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:26.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27722",
        "datePublished": "2025-04-09T09:03:26.029Z",
        "dateReserved": "2025-03-24T07:21:19.872Z",
        "dateUpdated": "2025-04-09T15:07:39.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25213 (GCVE-0-2025-25213)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:06:42.413898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:07:57.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:20.081Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25213",
        "datePublished": "2025-04-09T09:03:20.081Z",
        "dateReserved": "2025-03-24T07:21:15.552Z",
        "dateUpdated": "2025-04-09T17:07:57.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25056 (GCVE-0-2025-25056)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:20.262542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:13:41.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:14.758Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25056",
        "datePublished": "2025-04-09T09:03:14.758Z",
        "dateReserved": "2025-03-24T07:21:25.344Z",
        "dateUpdated": "2025-04-09T17:13:41.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25053 (GCVE-0-2025-25053)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
    VLAI
    Summary
    OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:55.951870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:15:44.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:09.322Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25053",
        "datePublished": "2025-04-09T09:03:09.322Z",
        "dateReserved": "2025-03-24T07:21:17.509Z",
        "dateUpdated": "2025-04-09T17:15:44.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23407 (GCVE-0-2025-23407)

    Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
    VLAI
    Summary
    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:16:09.848050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:16:29.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect privilege assignment",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:03.197Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-23407",
        "datePublished": "2025-04-09T09:03:03.197Z",
        "dateReserved": "2025-03-24T07:21:22.106Z",
        "dateUpdated": "2025-04-09T17:16:29.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26689 (GCVE-0-2025-26689)

    Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
    VLAI
    Summary
    Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-425 - Direct request ('Forced Browsing')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T15:58:43.306787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T15:58:55.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-425",
                  "description": "Direct request (\u0027Forced Browsing\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:49:30.059Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26689",
        "datePublished": "2025-03-31T04:49:30.059Z",
        "dateReserved": "2025-02-13T01:13:10.937Z",
        "dateUpdated": "2025-03-31T15:58:55.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25211 (GCVE-0-2025-25211)

    Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
    VLAI
    Summary
    Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak password requirements
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T16:00:36.292801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T16:01:20.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "Weak password requirements",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:49:19.439Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25211",
        "datePublished": "2025-03-31T04:49:19.439Z",
        "dateReserved": "2025-02-13T01:13:11.820Z",
        "dateUpdated": "2025-03-31T16:01:20.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24852 (GCVE-0-2025-24852)

    Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:02
    VLAI
    Summary
    Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-257 - Storing passwords in a recoverable format
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24852",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T16:01:40.322037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T16:02:38.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-257",
                  "description": "Storing passwords in a recoverable format",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:49:07.988Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24852",
        "datePublished": "2025-03-31T04:49:07.988Z",
        "dateReserved": "2025-02-13T01:13:13.769Z",
        "dateUpdated": "2025-03-31T16:02:38.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-24517 (GCVE-0-2025-24517)

    Vulnerability from nvd – Published: 2025-03-31 04:48 – Updated: 2025-03-31 12:59
    VLAI
    Summary
    Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-603 - Use of client-side authentication
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-24517",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T12:59:27.616832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T12:59:34.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-603",
                  "description": "Use of client-side authentication",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:48:57.473Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-24517",
        "datePublished": "2025-03-31T04:48:57.473Z",
        "dateReserved": "2025-02-13T01:13:12.880Z",
        "dateUpdated": "2025-03-31T12:59:34.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-66357 (GCVE-0-2025-66357)

    Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper check for unusual or exceptional conditions
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T20:38:30.843201Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T20:38:43.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "Improper check for unusual or exceptional conditions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:35.968Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-66357",
        "datePublished": "2025-12-16T04:48:35.968Z",
        "dateReserved": "2025-11-27T14:15:05.859Z",
        "dateUpdated": "2025-12-16T20:38:43.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-59479 (GCVE-0-2025-59479)

    Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-59479",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T20:39:03.166776Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T20:44:46.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:29.861Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-59479",
        "datePublished": "2025-12-16T04:48:29.861Z",
        "dateReserved": "2025-11-27T14:15:04.880Z",
        "dateUpdated": "2025-12-16T20:44:46.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-61976 (GCVE-0-2025-61976)

    Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
    VLAI
    Summary
    CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper check for unusual or exceptional conditions
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-61976",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-16T19:54:23.462879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-16T19:54:44.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "Improper check for unusual or exceptional conditions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-16T04:48:21.754Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU92827367/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-61976",
        "datePublished": "2025-12-16T04:48:21.754Z",
        "dateReserved": "2025-11-27T14:14:59.287Z",
        "dateUpdated": "2025-12-16T19:54:44.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29870 (GCVE-0-2025-29870)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29870",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:16:49.042202Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T14:24:24.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:35.579Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-29870",
        "datePublished": "2025-04-09T09:03:35.579Z",
        "dateReserved": "2025-03-24T07:21:16.404Z",
        "dateUpdated": "2025-04-10T14:24:24.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27934 (GCVE-0-2025-27934)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
    VLAI
    Summary
    Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:19:54.967646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:20:29.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "Exposure of sensitive system information to an unauthorized control sphere",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:32.130Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27934",
        "datePublished": "2025-04-09T09:03:32.130Z",
        "dateReserved": "2025-03-24T07:21:24.473Z",
        "dateUpdated": "2025-04-09T14:20:29.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27797 (GCVE-0-2025-27797)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
    VLAI
    Summary
    OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27797",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T14:43:52.062993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T14:57:13.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:29.067Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27797",
        "datePublished": "2025-04-09T09:03:29.067Z",
        "dateReserved": "2025-03-24T07:21:23.496Z",
        "dateUpdated": "2025-04-09T14:57:13.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27722 (GCVE-0-2025-27722)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
    VLAI
    Summary
    Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext transmission of sensitive information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27722",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T15:05:43.543317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T15:07:39.314Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "Cleartext transmission of sensitive information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:26.029Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27722",
        "datePublished": "2025-04-09T09:03:26.029Z",
        "dateReserved": "2025-03-24T07:21:19.872Z",
        "dateUpdated": "2025-04-09T15:07:39.314Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25213 (GCVE-0-2025-25213)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
    VLAI
    Summary
    Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1021 - Improper restriction of rendered UI layers or frames
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25213",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:06:42.413898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:07:57.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1021",
                  "description": "Improper restriction of rendered UI layers or frames",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:20.081Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25213",
        "datePublished": "2025-04-09T09:03:20.081Z",
        "dateReserved": "2025-03-24T07:21:15.552Z",
        "dateUpdated": "2025-04-09T17:07:57.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25056 (GCVE-0-2025-25056)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:20.262542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:13:41.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:14.758Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25056",
        "datePublished": "2025-04-09T09:03:14.758Z",
        "dateReserved": "2025-03-24T07:21:25.344Z",
        "dateUpdated": "2025-04-09T17:13:41.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25053 (GCVE-0-2025-25053)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
    VLAI
    Summary
    OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:13:55.951870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:15:44.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:09.322Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25053",
        "datePublished": "2025-04-09T09:03:09.322Z",
        "dateReserved": "2025-03-24T07:21:17.509Z",
        "dateUpdated": "2025-04-09T17:15:44.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-23407 (GCVE-0-2025-23407)

    Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
    VLAI
    Summary
    Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect privilege assignment
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23407",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T17:16:09.848050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T17:16:29.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-WPSM-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            },
            {
              "product": "AC-PD-WPS-11ac-P",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.0.03P and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect privilege assignment",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-09T09:03:03.197Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93925742/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-23407",
        "datePublished": "2025-04-09T09:03:03.197Z",
        "dateReserved": "2025-03-24T07:21:22.106Z",
        "dateUpdated": "2025-04-09T17:16:29.703Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26689 (GCVE-0-2025-26689)

    Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
    VLAI
    Summary
    Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-425 - Direct request ('Forced Browsing')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26689",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T15:58:43.306787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T15:58:55.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-425",
                  "description": "Direct request (\u0027Forced Browsing\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:49:30.059Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26689",
        "datePublished": "2025-03-31T04:49:30.059Z",
        "dateReserved": "2025-02-13T01:13:10.937Z",
        "dateUpdated": "2025-03-31T15:58:55.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25211 (GCVE-0-2025-25211)

    Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
    VLAI
    Summary
    Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak password requirements
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25211",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-31T16:00:36.292801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-31T16:01:20.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CHOCO TEI WATCHER mini (IB-MCT001)",
              "vendor": "Inaba Denki Sangyo Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "Weak password requirements",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T04:49:19.439Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91154745/"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
            },
            {
              "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25211",
        "datePublished": "2025-03-31T04:49:19.439Z",
        "dateReserved": "2025-02-13T01:13:11.820Z",
        "dateUpdated": "2025-03-31T16:01:20.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }