VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 13, 2023· Updated Jan 3, 2025

CVE-2023-31196

CVE-2023-31196

Description

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote unauthenticated attacker can obtain sensitive information from affected Wi-Fi AP UNIT devices due to missing authentication for a critical function.

Vulnerability

Missing authentication for a critical function (CWE-306) in Inaba Denki Sangyo Wi-Fi AP UNIT devices allows a remote unauthenticated attacker to obtain sensitive information. Affected products and versions are: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier [1].

Exploitation

An attacker does not need authentication or any special network position; exploiting the missing authentication for critical function can be done remotely over the network (AV:N, PR:N, UI:N) [1]. The attacker can directly access the unauthenticated critical function to retrieve sensitive data without user interaction.

Impact

Successful exploitation allows a remote unauthenticated attacker to obtain sensitive information of the affected products [1]. The CVSS v3 base score of 7.5 (High) indicates high confidentiality impact, with no impact on integrity or availability [1].

Mitigation

The developer states that these products are no longer supported. Users are recommended to apply workarounds to mitigate the impact, but no patch is available [1]. No fixed version has been released.

References
  1. Multiple vulnerabilities in Inaba Denki Sangyo Wi-Fi AP UNIT

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Abaniact (Inaba Co., Ltd.)/AC-WAPU-300llm-create
    Range: <= v1.00_B07
  • Inaba/AC-PD-WAPUllm-fuzzy
    Range: <= v1.05_B04
  • Inaba Denki Sangyo Co., Ltd./Wi-Fi AP UNITv5
    Range: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.