CVE-2025-25056
CVE-2025-25056
In short
A security flaw in Wi-Fi AP UNIT 'AC-WPS-11ac series' allows attackers to trick logged-in users into performing unwanted actions on the device by viewing a malicious webpage. This could lead to unauthorized configuration changes or other harmful operations.
Technical detail
Cross-site request forgery (CSRF) vulnerability in AC-WPS-11ac series Wi-Fi access points exploits the lack of proper CSRF token validation. Attack vector requires a user authenticated to the device to visit an attacker-controlled page, enabling unauthorized state-changing operations such as configuration modifications without explicit user consent.
Summary generated and translated by AI from the official description.
Cross-site request forgery vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views a malicious page while logged in, unintended operations may be performed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
Inaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-PD-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPS-11acInaba Denki Sangyo Co., Ltd. · AC-WPS-11ac-PInaba Denki Sangyo Co., Ltd. · AC-WPSM-11acInaba Denki Sangyo Co., Ltd. · AC-WPSM-11ac-PWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →