Search
Find a vulnerability
Search criteria
41 vulnerabilities by Inaba Denki Sangyo Co., Ltd.
JVNDB-2025-022062
Vulnerability from jvndb - Published: 2025-12-17 11:28 - Updated:2025-12-17 11:28
Severity
Summary
Multiple vulnerabilities in CHOCO TEI WATCHER mini
Details
CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.
- Clickjacking (CWE-1021) - CVE-2025-59479
- Improper check for unusual conditions (CWE-754) - CVE-2025-61976
- Improper check for unusual conditions (CWE-754) - CVE-2025-66357
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
"dc:date": "2025-12-17T11:28+09:00",
"dcterms:issued": "2025-12-17T11:28+09:00",
"dcterms:modified": "2025-12-17T11:28+09:00",
"description": "CHOCO TEI WATCHER mini provided by Inaba Denki Sangyo Co., Ltd. contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eClickjacking (CWE-1021) - CVE-2025-59479\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-61976\u003c/li\u003e\u003cli\u003eImproper check for unusual conditions (CWE-754) - CVE-2025-66357\u003c/li\u003e\u003c/ul\u003eJTEKT ELECTRONICS Quality Control Dept. reported these vulnerabilities to Inaba Denki Sangyo Co., Ltd. and coordinated. After the coordination was completed, Inaba Denki Sangyo Co., Ltd. reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-022062.html",
"sec:cpe": {
"#text": "cpe:/o:inaba:choco_tei_watcher_mini",
"@product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-022062",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92827367/index.html",
"@id": "JVNVU#92827367",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-59479",
"@id": "CVE-2025-59479",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61976",
"@id": "CVE-2025-61976",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-66357",
"@id": "CVE-2025-66357",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1021.html",
"@id": "CWE-1021",
"@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/754.html",
"@id": "CWE-754",
"@title": "Improper Check for Unusual or Exceptional Conditions(CWE-754)"
}
],
"title": "Multiple vulnerabilities in CHOCO TEI WATCHER mini"
}
JVNDB-2025-002990
Vulnerability from jvndb - Published: 2025-04-07 17:44 - Updated:2025-04-07 17:44
Severity
Summary
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
Details
Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.
- Incorrect privilege assignment in the WEB UI (the setting page) (CWE-266) - CVE-2025-23407
- OS command injection in the WEB UI (the setting page) (CWE-78) - CVE-2025-25053
- Cross-site request forgery (CWE-352) - CVE-2025-25056
- Improper restriction of rendered UI layers or frames (CWE-1021) - CVE-2025-25213
- Cleartext transmission of sensitive information (CWE-319) - CVE-2025-27722
- OS command injection in the specific service (CWE-78) - CVE-2025-27797
- Information disclosure of authentication information in the specific service (CWE-497) - CVE-2025-27934
- Missing authentication for critical function (CWE-306) - CVE-2025-29870
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
"dc:date": "2025-04-07T17:44+09:00",
"dcterms:issued": "2025-04-07T17:44+09:00",
"dcterms:modified": "2025-04-07T17:44+09:00",
"description": "Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027 provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\r\n\u003cli\u003e\u003cb\u003eIncorrect privilege assignment in the WEB UI (the setting page) (CWE-266)\u003c/b\u003e - CVE-2025-23407\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the WEB UI (the setting page) (CWE-78)\u003c/b\u003e - CVE-2025-25053\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCross-site request forgery (CWE-352)\u003c/b\u003e - CVE-2025-25056\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eImproper restriction of rendered UI layers or frames (CWE-1021)\u003c/b\u003e - CVE-2025-25213\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eCleartext transmission of sensitive information (CWE-319)\u003c/b\u003e - CVE-2025-27722\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eOS command injection in the specific service (CWE-78)\u003c/b\u003e - CVE-2025-27797\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eInformation disclosure of authentication information in the specific service (CWE-497)\u003c/b\u003e - CVE-2025-27934\u003c/li\u003e\r\n\u003cli\u003e\u003cb\u003eMissing authentication for critical function (CWE-306)\u003c/b\u003e - CVE-2025-29870\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nInaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-002990.html",
"sec:cpe": [
{
"#text": "cpe:/o:inaba:ac-pd-wps-11ac-p_firmware",
"@product": "AC-PD-WPS-11ac-P",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:inaba:ac-pd-wps-11ac_firmware",
"@product": "AC-PD-WPS-11ac",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:inaba:ac-wps-11ac-p_firmware",
"@product": "AC-WPS-11ac-P",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:inaba:ac-wps-11ac_firmware",
"@product": "AC-WPS-11ac",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:inaba:ac-wpsm-11ac-p_firmware",
"@product": "AC-WPSM-11ac-P",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:inaba:ac-wpsm-11ac_firmware",
"@product": "AC-WPSM-11ac",
"@vendor": "INABA DENKI SANGYO CO., LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-002990",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93925742/index.html",
"@id": "JVNVU#93925742",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-23407",
"@id": "CVE-2025-23407",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25053",
"@id": "CVE-2025-25053",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25056",
"@id": "CVE-2025-25056",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25213",
"@id": "CVE-2025-25213",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27722",
"@id": "CVE-2025-27722",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27797",
"@id": "CVE-2025-27797",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27934",
"@id": "CVE-2025-27934",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-29870",
"@id": "CVE-2025-29870",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1021.html",
"@id": "CWE-1021",
"@title": "Improper Restriction of Rendered UI Layers or Frames(CWE-1021)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/266.html",
"@id": "CWE-266",
"@title": "Incorrect Privilege Assignment(CWE-266)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/497.html",
"@id": "CWE-497",
"@title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere(CWE-497)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027"
}
CVE-2025-66357 (GCVE-0-2025-66357)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:38:30.843201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:38:43.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:35.968Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66357",
"datePublished": "2025-12-16T04:48:35.968Z",
"dateReserved": "2025-11-27T14:15:05.859Z",
"dateUpdated": "2025-12-16T20:38:43.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61976 (GCVE-0-2025-61976)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:54:23.462879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:54:44.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:21.754Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61976",
"datePublished": "2025-12-16T04:48:21.754Z",
"dateReserved": "2025-11-27T14:14:59.287Z",
"dateUpdated": "2025-12-16T19:54:44.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59479 (GCVE-0-2025-59479)
Vulnerability from nvd – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:39:03.166776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:44:46.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:29.861Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59479",
"datePublished": "2025-12-16T04:48:29.861Z",
"dateReserved": "2025-11-27T14:15:04.880Z",
"dateUpdated": "2025-12-16T20:44:46.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29870 (GCVE-0-2025-29870)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
VLAI
Summary
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:16:49.042202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:24:24.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:35.579Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-29870",
"datePublished": "2025-04-09T09:03:35.579Z",
"dateReserved": "2025-03-24T07:21:16.404Z",
"dateUpdated": "2025-04-10T14:24:24.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27934 (GCVE-0-2025-27934)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
VLAI
Summary
Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:19:54.967646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:20:29.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:32.130Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27934",
"datePublished": "2025-04-09T09:03:32.130Z",
"dateReserved": "2025-03-24T07:21:24.473Z",
"dateUpdated": "2025-04-09T14:20:29.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27797 (GCVE-0-2025-27797)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
VLAI
Summary
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:43:52.062993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:57:13.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:29.067Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27797",
"datePublished": "2025-04-09T09:03:29.067Z",
"dateReserved": "2025-03-24T07:21:23.496Z",
"dateUpdated": "2025-04-09T14:57:13.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27722 (GCVE-0-2025-27722)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
VLAI
Summary
Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext transmission of sensitive information
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:05:43.543317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:07:39.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext transmission of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:26.029Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27722",
"datePublished": "2025-04-09T09:03:26.029Z",
"dateReserved": "2025-03-24T07:21:19.872Z",
"dateUpdated": "2025-04-09T15:07:39.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25213 (GCVE-0-2025-25213)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
VLAI
Summary
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:06:42.413898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:07:57.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:20.081Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25213",
"datePublished": "2025-04-09T09:03:20.081Z",
"dateReserved": "2025-03-24T07:21:15.552Z",
"dateUpdated": "2025-04-09T17:07:57.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25056 (GCVE-0-2025-25056)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
VLAI
Summary
Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:13:20.262542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:13:41.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:14.758Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25056",
"datePublished": "2025-04-09T09:03:14.758Z",
"dateReserved": "2025-03-24T07:21:25.344Z",
"dateUpdated": "2025-04-09T17:13:41.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25053 (GCVE-0-2025-25053)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
VLAI
Summary
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:13:55.951870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:15:44.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:09.322Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25053",
"datePublished": "2025-04-09T09:03:09.322Z",
"dateReserved": "2025-03-24T07:21:17.509Z",
"dateUpdated": "2025-04-09T17:15:44.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23407 (GCVE-0-2025-23407)
Vulnerability from nvd – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
VLAI
Summary
Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect privilege assignment
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:16:09.848050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:16:29.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect privilege assignment",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:03.197Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-23407",
"datePublished": "2025-04-09T09:03:03.197Z",
"dateReserved": "2025-03-24T07:21:22.106Z",
"dateUpdated": "2025-04-09T17:16:29.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26689 (GCVE-0-2025-26689)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
VLAI
Summary
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-425 - Direct request ('Forced Browsing')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:58:43.306787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:58:55.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct request (\u0027Forced Browsing\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:30.059Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26689",
"datePublished": "2025-03-31T04:49:30.059Z",
"dateReserved": "2025-02-13T01:13:10.937Z",
"dateUpdated": "2025-03-31T15:58:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25211 (GCVE-0-2025-25211)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
VLAI
Summary
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak password requirements
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:00:36.292801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:01:20.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "Weak password requirements",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:19.439Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25211",
"datePublished": "2025-03-31T04:49:19.439Z",
"dateReserved": "2025-02-13T01:13:11.820Z",
"dateUpdated": "2025-03-31T16:01:20.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24852 (GCVE-0-2025-24852)
Vulnerability from nvd – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:02
VLAI
Summary
Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Storing passwords in a recoverable format
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:01:40.322037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:02:38.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Storing passwords in a recoverable format issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, an attacker who can access the microSD card used on the product may obtain the product login password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing passwords in a recoverable format",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:07.988Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24852",
"datePublished": "2025-03-31T04:49:07.988Z",
"dateReserved": "2025-02-13T01:13:13.769Z",
"dateUpdated": "2025-03-31T16:02:38.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24517 (GCVE-0-2025-24517)
Vulnerability from nvd – Published: 2025-03-31 04:48 – Updated: 2025-03-31 12:59
VLAI
Summary
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-603 - Use of client-side authentication
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:59:27.616832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:59:34.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-603",
"description": "Use of client-side authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:48:57.473Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-24517",
"datePublished": "2025-03-31T04:48:57.473Z",
"dateReserved": "2025-02-13T01:13:12.880Z",
"dateUpdated": "2025-03-31T12:59:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66357 (GCVE-0-2025-66357)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:38
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product's resources may be consumed abnormally.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:38:30.843201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:38:43.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. When the Video Download feature is in a specific communication state, the product\u0027s resources may be consumed abnormally."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:35.968Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-66357",
"datePublished": "2025-12-16T04:48:35.968Z",
"dateReserved": "2025-11-27T14:15:05.859Z",
"dateUpdated": "2025-12-16T20:38:43.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59479 (GCVE-0-2025-59479)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 20:44
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T20:39:03.166776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T20:44:46.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:29.861Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59479",
"datePublished": "2025-12-16T04:48:29.861Z",
"dateReserved": "2025-11-27T14:15:04.880Z",
"dateUpdated": "2025-12-16T20:44:46.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61976 (GCVE-0-2025-61976)
Vulnerability from cvelistv5 – Published: 2025-12-16 04:48 – Updated: 2025-12-16 19:54
VLAI
Summary
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-754 - Improper check for unusual or exceptional conditions
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:54:23.462879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:54:44.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper check for unusual or exceptional conditions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T04:48:21.754Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability_newly_identified.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92827367/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61976",
"datePublished": "2025-12-16T04:48:21.754Z",
"dateReserved": "2025-11-27T14:14:59.287Z",
"dateUpdated": "2025-12-16T19:54:44.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29870 (GCVE-0-2025-29870)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-10 14:24
VLAI
Summary
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29870",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:16:49.042202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:24:24.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:35.579Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-29870",
"datePublished": "2025-04-09T09:03:35.579Z",
"dateReserved": "2025-03-24T07:21:16.404Z",
"dateUpdated": "2025-04-10T14:24:24.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27934 (GCVE-0-2025-27934)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:20
VLAI
Summary
Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of sensitive system information to an unauthorized control sphere
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:19:54.967646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:20:29.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote unauthenticated attacker may obtain the product authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of sensitive system information to an unauthorized control sphere",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:32.130Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27934",
"datePublished": "2025-04-09T09:03:32.130Z",
"dateReserved": "2025-03-24T07:21:24.473Z",
"dateUpdated": "2025-04-09T14:20:29.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27797 (GCVE-0-2025-27797)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 14:57
VLAI
Summary
OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T14:43:52.062993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:57:13.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the specific service exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:29.067Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27797",
"datePublished": "2025-04-09T09:03:29.067Z",
"dateReserved": "2025-03-24T07:21:23.496Z",
"dateUpdated": "2025-04-09T14:57:13.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27722 (GCVE-0-2025-27722)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 15:07
VLAI
Summary
Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext transmission of sensitive information
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T15:05:43.543317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T15:07:39.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext transmission of sensitive information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:26.029Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27722",
"datePublished": "2025-04-09T09:03:26.029Z",
"dateReserved": "2025-03-24T07:21:19.872Z",
"dateUpdated": "2025-04-09T15:07:39.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25213 (GCVE-0-2025-25213)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:07
VLAI
Summary
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1021 - Improper restriction of rendered UI layers or frames
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:06:42.413898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:07:57.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:20.081Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25213",
"datePublished": "2025-04-09T09:03:20.081Z",
"dateReserved": "2025-03-24T07:21:15.552Z",
"dateUpdated": "2025-04-09T17:07:57.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25056 (GCVE-0-2025-25056)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:13
VLAI
Summary
Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:13:20.262542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:13:41.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If a user views a malicious page while logged in, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:14.758Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25056",
"datePublished": "2025-04-09T09:03:14.758Z",
"dateReserved": "2025-03-24T07:21:25.344Z",
"dateUpdated": "2025-04-09T17:13:41.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25053 (GCVE-0-2025-25053)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:15
VLAI
Summary
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:13:55.951870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:15:44.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:09.322Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25053",
"datePublished": "2025-04-09T09:03:09.322Z",
"dateReserved": "2025-03-24T07:21:17.509Z",
"dateUpdated": "2025-04-09T17:15:44.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23407 (GCVE-0-2025-23407)
Vulnerability from cvelistv5 – Published: 2025-04-09 09:03 – Updated: 2025-04-09 17:16
VLAI
Summary
Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-266 - Incorrect privilege assignment
Assigner
References
2 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-WPSM-11ac-P |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac |
Affected:
v2.0.03P and earlier
|
|
| Inaba Denki Sangyo Co., Ltd. | AC-PD-WPS-11ac-P |
Affected:
v2.0.03P and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T17:16:09.848050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T17:16:29.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-WPSM-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
},
{
"product": "AC-PD-WPS-11ac-P",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "v2.0.03P and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT \u0027AC-WPS-11ac series\u0027. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect privilege assignment",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T09:03:03.197Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/abaniact/news/security_20250404.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93925742/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-23407",
"datePublished": "2025-04-09T09:03:03.197Z",
"dateReserved": "2025-03-24T07:21:22.106Z",
"dateUpdated": "2025-04-09T17:16:29.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26689 (GCVE-0-2025-26689)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 15:58
VLAI
Summary
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-425 - Direct request ('Forced Browsing')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T15:58:43.306787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T15:58:55.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Direct request (\u0027Forced Browsing\u0027) issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "Direct request (\u0027Forced Browsing\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:30.059Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26689",
"datePublished": "2025-03-31T04:49:30.059Z",
"dateReserved": "2025-02-13T01:13:10.937Z",
"dateUpdated": "2025-03-31T15:58:55.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25211 (GCVE-0-2025-25211)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:49 – Updated: 2025-03-31 16:01
VLAI
Summary
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak password requirements
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Inaba Denki Sangyo Co., Ltd. | CHOCO TEI WATCHER mini (IB-MCT001) |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:00:36.292801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:01:20.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CHOCO TEI WATCHER mini (IB-MCT001)",
"vendor": "Inaba Denki Sangyo Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "Weak password requirements",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:49:19.439Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91154745/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
},
{
"url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25211",
"datePublished": "2025-03-31T04:49:19.439Z",
"dateReserved": "2025-02-13T01:13:11.820Z",
"dateUpdated": "2025-03-31T16:01:20.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}