CVE-2025-25213
CVE-2025-25213
In short
A Wi-Fi access point (AC-WPS-11ac series) doesn't properly protect its admin interface from being tricked by malicious websites. If you're logged in and visit a bad website, it can secretly perform unwanted actions on your device without your knowledge.
Technical detail
Improper UI layer restriction (clickjacking/frame confusion) in AC-WPS-11ac Wi-Fi AP admin interface allows an attacker to craft a malicious webpage that, when visited by an authenticated user, can trigger unintended administrative operations through hidden or overlaid UI elements. Attack requires user interaction while authenticated to the device.
Summary generated and translated by AI from the official description.
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
Inaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPSM-11acInaba Denki Sangyo Co., Ltd. · AC-WPSM-11ac-PWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →