Inaba Denki Sangyo Wi-Fi AP Unit AC-WPS-11ac Series Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Wi-Fi AP UNIT 'AC-WPS-11ac series' by Inaba Denki Sangyo Co., Ltd. This vulnerability affects all versions through v2.0.03P. When a user, logged into the device, views a malicious webpage, it may trigger unintended actions on the device.

Impact

Exploitation of this vulnerability could lead to unauthorized operations being performed on the affected device, potentially allowing for changes to the device's settings or internal data.

Remediation

Users are advised to update the device's firmware to the latest version, v2.0.06.13P. If the firmware update is not feasible, the manufacturer recommends implementing certain workarounds, such as prohibiting access to the web UI from WAN or wireless connections, and registering the MAC addresses of permitted wireless devices.