CVE-2025-46413
📋 TL;DR
This vulnerability in BUFFALO WSR-1800AX4 series routers allows attackers to obtain Wi-Fi passwords and WPS PIN codes when WPS is enabled due to insufficient computational effort in password hashing. Affected users are those using these specific router models with WPS enabled. The attack requires proximity to the wireless network.
💻 Affected Systems
- BUFFALO WSR-1800AX4 series routers
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains full access to the Wi-Fi network, enabling man-in-the-middle attacks, network reconnaissance, and potential access to connected devices.
Likely Case
Unauthorized network access leading to bandwidth theft, network monitoring, and potential credential harvesting from unencrypted traffic.
If Mitigated
Limited impact if WPS is disabled and strong Wi-Fi passwords are used with WPA2/WPA3 encryption.
🎯 Exploit Status
Attack requires physical proximity to wireless signal and WPS must be enabled. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched firmware version
Vendor Advisory: https://www.buffalo.jp/news/detail/20251107-01.html
Restart Required: Yes
Instructions:
1. Access router admin interface (typically 192.168.11.1). 2. Navigate to firmware update section. 3. Download latest firmware from BUFFALO website. 4. Upload and apply firmware update. 5. Reboot router after update completes.
🔧 Temporary Workarounds
Disable WPS
allTurn off Wi-Fi Protected Setup feature to prevent exploitation
Use Strong Wi-Fi Password
allSet complex Wi-Fi password with WPA2/WPA3 encryption
🧯 If You Can't Patch
- Disable WPS immediately in router settings
- Change Wi-Fi password to complex 20+ character passphrase
- Consider replacing router with patched model
🔍 How to Verify
Check if Vulnerable:
Check router admin interface for WPS status and firmware version. If WPS is enabled and firmware is not patched, system is vulnerable.Check Version:
Check router web interface or use 'nmap -sV' against router IP to identify firmware versionVerify Fix Applied:
Verify firmware version matches patched version from vendor advisory and confirm WPS is disabled or router indicates security fix applied.📡 Detection & Monitoring
Log Indicators:
- Multiple failed WPS connection attempts
- Unusual MAC addresses connecting via WPS
Network Indicators:
- WPS protocol traffic from unknown devices
- Brute-force patterns in wireless packets
SIEM Query:
wireless wps AND (failed OR brute-force)