Use of Password Hash With Insufficient Computational Effort

CVE-2025-46413

Medium

5.3/10

Summary

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-916 - Use of Password Hash With Insufficient Computational Effort

The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

References

Advisory Timeline

Published Nov 07, 2025

Use of Password Hash With Insufficient Computational Effort

CVE-2025-46413

Summary

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS