Inaba Denki Sangyo Wi-Fi AP Unit AC-WPS-11ac Series OS Command Injection Vulnerability

An OS command injection vulnerability has been identified in the Wi-Fi AP UNIT 'AC-WPS-11ac series' by Inaba Denki Sangyo Co., Ltd. This vulnerability exists in the specific service of the access point units. When exploited, it allows a remote attacker who can log in to the device to execute arbitrary OS commands.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected device by a remote attacker with valid login credentials.

Remediation

Users are advised to update the device's firmware to the latest version, v2.0.06.13P. If the firmware update is not feasible, Inaba Denki Sangyo Co., Ltd. recommends implementing certain workarounds, such as changing the device's default IP address, restricting access to the WEB UI from WAN/Wireless, and using connection filtering features to manage device access.