CVE-2025-46413

Summary

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.

Affected Software

VendorProductVersion RangeStatus
BUFFALO INC.WSR-1800AX4prior to Ver.1.09affected
BUFFALO INC.WSR-1800AX4Sprior to Ver.1.11affected
BUFFALO INC.WSR-1800AX4Bprior to Ver.1.11affected
BUFFALO INC.WSR-1800AX4-KHprior to Ver.1.19affected

Weaknesses

  • CWE-916: Use of password hash with insufficient computational effort

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References