CVE-2023-31196

CVSS 7.5 HIGHEPSS 0.8%CWE-306

In short

These Wi-Fi access points are missing authentication checks on certain functions, allowing anyone on the network to access sensitive information without logging in. This is a serious problem because attackers can steal configuration data and other private details.

Technical detail

Missing authentication mechanism (CWE-306) in critical functions of affected Wi-Fi AP units enables unauthenticated remote attackers to retrieve sensitive information. The vulnerability requires network access to the device but no credentials, allowing disclosure of configuration and operational data. Impacts all listed AC-PD-WAPU, AC-PD-WAPUM, AC-WAPU-300, and AC-WAPUM-300 series up to specified firmware versions.

Summary generated and translated by AI from the official description.

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Inaba Denki Sangyo Co., Ltd. · Wi-Fi AP UNIT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN28412757/https://www.inaba.co.jp/abaniact/news/Wi-Fi_AP_UNIT%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8B%E8%A4%87%E6%95%B0%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf