Risk | High |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2025-23407 CVE-2025-25053 CVE-2025-25056 CVE-2025-25213 CVE-2025-27722 CVE-2025-27797 CVE-2025-27934 CVE-2025-29870 |
CWE-ID | CWE-266 CWE-78 CWE-352 CWE-1021 CWE-319 CWE-497 CWE-306 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
AC-WPS-11ac (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AC-WPS-11ac-P (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AC-WPSM-11ac (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AC-WPSM-11ac-P (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AC-PD-WPS-11ac (Hardware solutions / Routers & switches, VoIP, GSM, etc)
AC-PD-WPS-11ac-P (Hardware solutions / Routers & switches, VoIP, GSM, etc) |
Vendor | INABA DENKI SANGYO |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU107031
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-23407
CWE-ID:
CWE-266 - Incorrect Privilege Assignment
Exploit availability: No
Description:
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect privilege assignment in the WEB UI (the setting page). A remote user can alter the settings without appropriate privileges.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107032
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-25053
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description:
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the WEB UI (the setting page). A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107033
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-25056
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description:
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107034
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-25213
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
Description:
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper restriction of rendered UI layers or frames. A remote attacker can trick a victim into performing operations on the product's web pages.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107035
Risk: High
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-27722
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description:
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107036
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-27797
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
Description:
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the specific service. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107037
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-27934
CWE-ID:
CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Exploit availability: No
Description:
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to exposure of sensitive system information to an unauthorized control sphere in the specific service. A remote attacker can obtain the product authentication information.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU107038
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-29870
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
Description:
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to missing authentication for a critical function. A remote attacker can obtain the product configuration information, including authentication information.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
AC-WPS-11ac: - - 2.0.03P
AC-WPS-11ac-P: - - 2.0.03P
AC-WPSM-11ac: - - 2.0.03P
AC-WPSM-11ac-P: - - 2.0.03P
AC-PD-WPS-11ac: - - 2.0.03P
AC-PD-WPS-11ac-P: - - 2.0.03P
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.