#VU107034 Improper Restriction of Rendered UI Layers or Frames in INABA DENKI SANGYO products - CVE-2025-25213

Cybersecurity Help s.r.o.

Published: 2025-04-07

Vulnerability identifier: #VU107034

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-25213

CWE-ID: CWE-1021

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
AC-WPS-11ac
Hardware solutions / Routers & switches, VoIP, GSM, etc
AC-WPS-11ac-P
Hardware solutions / Routers & switches, VoIP, GSM, etc
AC-WPSM-11ac
Hardware solutions / Routers & switches, VoIP, GSM, etc
AC-WPSM-11ac-P
Hardware solutions / Routers & switches, VoIP, GSM, etc
AC-PD-WPS-11ac
Hardware solutions / Routers & switches, VoIP, GSM, etc
AC-PD-WPS-11ac-P
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: INABA DENKI SANGYO

Description

The vulnerability allows a remote attacker to compromsie the target system.

The vulnerability exists due to improper restriction of rendered UI layers or frames. A remote attacker can trick a victim to perform operations on the product's web pages.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AC-WPS-11ac: 2.0.03P

AC-WPS-11ac-P: 2.0.03P

AC-WPSM-11ac: 2.0.03P

AC-WPSM-11ac-P: 2.0.03P

AC-PD-WPS-11ac: 2.0.03P

AC-PD-WPS-11ac-P: 2.0.03P

External links
https://jvn.jp/en/vu/JVNVU93925742/index.html
https://www.inaba.co.jp/abaniact/news/security_20250404.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Inaba Denki Sangyo products