CVE-2025-27722 in AC-WPS-11ac

Summary

by MITRE • 04/09/2025

Cleartext transmission of sensitive information issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a man-in-the-middle attack may allow a remote unauthenticated attacker to eavesdrop the communication and obtain the authentication information.

Analysis

by VulDB Data Team • 04/09/2025

The vulnerability identified as CVE-2025-27722 represents a critical security flaw in the Wi-Fi Access Point UNIT AC-WPS-11ac series, specifically related to cleartext transmission of sensitive information. This issue stems from the device's failure to implement proper encryption mechanisms for protecting authentication data during wireless communication. The vulnerability exists within the device's wireless protocols and authentication handling processes, creating an exploitable condition that allows remote attackers to intercept and analyze network traffic without requiring authentication credentials. The affected device operates within the wireless infrastructure layer, where it handles authentication requests and manages wireless client connections through the WPS (Wi-Fi Protected Setup) protocol framework.

The technical implementation flaw manifests in the device's inability to secure sensitive authentication information during transmission, effectively transmitting credentials and authentication parameters in plaintext format. This weakness creates a direct pathway for malicious actors to perform man-in-the-middle attacks by positioning themselves between the wireless client and the access point. The vulnerability is particularly concerning because it affects the fundamental authentication process of the wireless network, potentially allowing attackers to capture and replay authentication tokens, user credentials, or other sensitive data exchanged during the connection establishment phase. The flaw directly violates security best practices for wireless network communication and represents a significant deviation from established wireless security standards.

From an operational impact perspective, this vulnerability compromises the confidentiality and integrity of wireless network communications, potentially enabling unauthorized access to network resources and sensitive data. Remote unauthenticated attackers can exploit this weakness to eavesdrop on wireless communications, capture authentication information, and potentially gain unauthorized network access. The attack vector is particularly dangerous because it requires no prior authentication or network access privileges, making it accessible to any attacker within range of the vulnerable access point. The implications extend beyond simple credential theft to include potential network compromise, data exfiltration, and unauthorized access to connected systems and services.

Security mitigation strategies should focus on implementing robust encryption protocols and updating the affected firmware to address the cleartext transmission vulnerability. Network administrators should immediately disable WPS functionality on affected devices and implement stronger authentication mechanisms such as WPA3 or WPA2-Enterprise with proper certificate-based authentication. The vulnerability aligns with CWE-312 (Cleartext Storage of Sensitive Information) and CWE-319 (Cleartext Transmission of Sensitive Information) classifications, and represents a technique commonly associated with ATT&CK tactic TA0006 (Credential Access) and technique T1075 (Pass the Hash). Organizations should conduct immediate vulnerability assessments of their wireless infrastructure, implement network segmentation to limit attack surface, and ensure all wireless devices are running patched firmware versions that address this specific transmission flaw. Additionally, network monitoring should be enhanced to detect anomalous wireless traffic patterns that may indicate exploitation attempts.

Responsible: Jpcert
Reservation: 03/24/2025
Disclosure: 04/09/2025
Moderation: accepted
CPE: ready
EPSS: 0.00199
KEV: no
Activities: very low
