CVE-2025-23407

CVSS 4.3 MEDIUM | EPSS 0.3% | CWE-266

In short

A flaw in the settings page of Wi-Fi AP units allows logged-in users to change configurations they shouldn't have permission to modify. This could let someone with basic access alter important network settings.

Technical detail

A CWE-266 (Incorrect Privilege Assignment) flaw in the WEB UI settings page lets an authenticated remote attacker modify configuration parameters beyond their assigned privilege level. Exploitation requires valid login credentials. The flaw affects AC-WPS-11ac series Wi-Fi AP units and could allow unauthorized changes to critical network settings.

Summary generated and translated by AI from the official description.
Incorrect privilege assignment vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
