CVE-2025-52688

Summary

Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

Affected Software

VendorProductVersion RangeStatus
Alcatel-LucentOmniAccess Stellar ProductsAP1100 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1200 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1300 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1400 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1500 AWOS versions 5.0.2 GA and earlieraffected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References