CVE-2025-29870

CVSS 7.5 HIGHEPSS 0.5%CWE-306

In short

The Wi-Fi AC-WPS-11ac series access point allows anyone on the network to view sensitive configuration details, including login credentials, without needing to authenticate first. This is dangerous because attackers can use this information to take control of the device or access other systems.

Technical detail

A missing authentication control on a critical administrative function in the AC-WPS-11ac Wi-Fi AP enables unauthenticated remote attackers to retrieve configuration data via network access. The vulnerability exposes sensitive information including stored authentication credentials, requiring only network connectivity without prior authorization; impact includes unauthorized device takeover and lateral movement.

Summary generated and translated by AI from the official description.

Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Inaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11ac Inaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11ac-P Inaba Denki Sangyo Co., Ltd. · AC-WPS-11ac Inaba Denki Sangyo Co., Ltd. · AC-WPS-11ac-P Inaba Denki Sangyo Co., Ltd. · AC-WPSM-11ac Inaba Denki Sangyo Co., Ltd. · AC-WPSM-11ac-P

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/vu/JVNVU93925742/https://www.inaba.co.jp/abaniact/news/security_20250404.pdf