Inaba Denki Sangyo Wi-Fi AP Unit Clickjacking Vulnerability

A clickjacking vulnerability has been identified in the Wi-Fi AP UNIT 'AC-WPS-11ac series' by Inaba Denki Sangyo Co., Ltd. This issue affects users who are logged in and interact with content on a malicious page, potentially leading to unintended actions being performed. The vulnerability is present in all versions through v2.0.03P of the AC-WPS-11ac, AC-WPS-11ac-P, AC-WPSM-11ac, AC-WPSM-11ac-P, AC-PD-WPS-11ac, and AC-PD-WPS-11ac-P products.

Impact

Exploitation of this vulnerability allows for unintended operations to be performed on behalf of the user who is logged in.

Remediation

Users are advised to update the firmware to the latest version, v2.0.06.13P, available for all affected product variants. If updating is not possible, consider implementing recommended workarounds, such as restricting access to the WEB UI from WAN/Wireless connections and using a router with updated firmware.