CVE-2025-25053
CVE-2025-25053
In short
A flaw in the Wi-Fi AP UNIT 'AC-WPS-11ac series' settings page allows a logged-in attacker to run any operating system command on the device. This bypasses normal restrictions and gives the attacker full control over the device.
Technical detail
OS command injection vulnerability in the WEB UI settings page of AC-WPS-11ac series allows remote authenticated attackers to execute arbitrary OS commands via unsanitized input parameters. Attack vector is network-based, requires valid login credentials as a pre-condition, and impacts confidentiality, integrity, and availability of the affected device.
Summary generated and translated by AI from the official description.
OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Inaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPSM-11acInaba Denki Sangyo Co., Ltd. · AC-WPSM-11ac-PWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →