CVE-2023-28392

CVSS 7.2 HIGH, EPSS 0.9%, CWE-78

In short

An authenticated administrator can run arbitrary system commands on these Wi-Fi access points due to improper input validation. This allows complete control over the device and potentially the entire network it manages.

Technical detail

This is an OS command injection (CWE-78) affecting multiple Wi-Fi AP models: authenticated administrative users can inject and execute arbitrary OS commands through unvalidated input parameters. Exploitation requires valid admin credentials but provides unrestricted code execution with device privileges.

Summary generated and translated by AI from the official description.
Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
