Published:2025/04/04 Last Updated:2025/04/04
JVNVU#93925742
Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT 'AC-WPS-11ac series'
Overview
Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities.
Products Affected
- AC-WPS-11ac v2.0.03P and earlier
- AC-WPS-11ac-P v2.0.03P and earlier
- AC-WPSM-11ac v2.0.03P and earlier
- AC-WPSM-11ac-P v2.0.03P and earlier
- AC-PD-WPS-11ac v2.0.03P and earlier
- AC-PD-WPS-11ac-P v2.0.03P and earlier
Description
Wi-Fi AP UNIT 'AC-WPS-11ac series' provided by Inaba Denki Sangyo Co., Ltd. contain multiple vulnerabilities listed below.
- Incorrect privilege assignment in the WEB UI (the setting page) (CWE-266)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score 4.3
- CVE-2025-23407
- OS command injection in the WEB UI (the setting page) (CWE-78)
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
- CVE-2025-25053
- Cross-site request forgery (CWE-352)
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
- CVE-2025-25056
- Improper restriction of rendered UI layers or frames (CWE-1021)
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Base Score 6.5
- CVE-2025-25213
- Cleartext transmission of sensitive information (CWE-319)
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.9
- CVE-2025-27722
- OS command injection in the specific service (CWE-78)
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-27797
- Information disclosure of authentication information in the specific service (CWE-497)
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
- CVE-2025-27934
- Missing authentication for critical function (CWE-306)
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
- CVE-2025-29870
Impact
- A remote attacker who can log in to the product may alter the settings without appropriate privileges (CVE-2025-23407)
- An arbitrary OS command may be executed by a remote attacker who can log in to the product (CVE-2025-25053, CVE-2025-27797)
- If a user views a malicious page while logged in, unintended operations may be performed (CVE-2025-25056)
- If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed (CVE-2025-25213)
- A man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information (CVE-2025-27722)
- A remote unauthenticated attacker may obtain the product authentication information (CVE-2025-27934)
- A remote unauthenticated attacker may obtain the product configuration information including authentication information (CVE-2025-29870)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerabilities.
- AC-WPS-11ac v2.0.06.13P
- AC-WPS-11ac-P v2.0.06.13P
- AC-WPSM-11ac v2.0.06.13P
- AC-WPSM-11ac-P v2.0.06.13P
- AC-PD-WPS-11ac v2.0.06.13P
- AC-PD-WPS-11ac-P v2.0.06.13P
The developer recommends applying workarounds in addition to updating the firmware.
For more details, refer to the information provided by the developer.
Vendor Status
Vendor | Link |
Inaba Denki Sangyo Co., Ltd. | Multiple vulnerabilities in Wi-Fi AP UNIT [AC-WPS-11ac series] (PDF, Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Inaba Denki Sangyo Co., Ltd. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2025-23407 |
CVE-2025-25053 |
|
CVE-2025-25056 |
|
CVE-2025-25213 |
|
CVE-2025-27722 |
|
CVE-2025-27797 |
|
CVE-2025-27934 |
|
CVE-2025-29870 |
|
JVN iPedia |
|