CVE-2025-46413
BaseFortify
Publication date: 2025-11-07
Last updated on: 2025-11-12
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| buffalo | wsr-1800ax4 | 1.09 |
| buffalo | wsr-1800ax4b | 1.11 |
| buffalo | wsr-1800ax4s | 1.11 |
| buffalo | wsr-1800ax4-kh | 1.19 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-916 | The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain unauthorized access to your Wi-Fi network by obtaining the WPS PIN code or Wi-Fi password. This could lead to unauthorized network access, potentially compromising your network security and any devices connected to it.
Can you explain this vulnerability to me?
This vulnerability exists in the BUFFALO Wi-Fi router WSR-1800AX4 series. It involves the use of a password hash with insufficient computational effort, which means the hashing process is too weak to prevent attacks. When WPS (Wi-Fi Protected Setup) is enabled, an attacker may be able to obtain the router's PIN code and/or Wi-Fi password.