CVE-2025-46413
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-12
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| buffalo | wsr-1800ax4 | 1.09 |
| buffalo | wsr-1800ax4b | 1.11 |
| buffalo | wsr-1800ax4s | 1.11 |
| buffalo | wsr-1800ax4-kh | 1.19 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the BUFFALO Wi-Fi router WSR-1800AX4 series. It involves the use of a password hash with insufficient computational effort, which means the hashing process is too weak to prevent attacks. When WPS (Wi-Fi Protected Setup) is enabled, an attacker may be able to obtain the router's PIN code and/or Wi-Fi password.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain unauthorized access to your Wi-Fi network by obtaining the WPS PIN code or Wi-Fi password. This could lead to unauthorized network access, potentially compromising your network security and any devices connected to it.