CVE-2025-46413
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-12

Assigner: JPCERT/CC

Description
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-07
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-46413
EUVD
EUVD-2025-38245
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
buffalo wsr-1800ax4 1.09
buffalo wsr-1800ax4b 1.11
buffalo wsr-1800ax4s 1.11
buffalo wsr-1800ax4-kh 1.19
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

An attacker exploiting this vulnerability could gain unauthorized access to your Wi-Fi network by obtaining the WPS PIN code or Wi-Fi password. This could lead to unauthorized network access, potentially compromising your network security and any devices connected to it.

Executive Summary

This vulnerability exists in the BUFFALO Wi-Fi router WSR-1800AX4 series. It involves the use of a password hash with insufficient computational effort, which means the hashing process is too weak to prevent attacks. When WPS (Wi-Fi Protected Setup) is enabled, an attacker may be able to obtain the router's PIN code and/or Wi-Fi password.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46413. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart