CVE-2025-52688
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products | AP1100 AWOS versions 5.0.2 GA and earlier | affected |
| Alcatel-Lucent | OmniAccess Stellar Products | AP1200 AWOS versions 5.0.2 GA and earlier | affected |
| Alcatel-Lucent | OmniAccess Stellar Products | AP1300 AWOS versions 5.0.2 GA and earlier | affected |
| Alcatel-Lucent | OmniAccess Stellar Products | AP1400 AWOS versions 5.0.2 GA and earlier | affected |
| Alcatel-Lucent | OmniAccess Stellar Products | AP1500 AWOS versions 5.0.2 GA and earlier | affected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/
- https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf
- https://jro.sg/CVEs/CVE-2025-52688/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.