CVE-2026-23699

Summary

AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.

Affected Software

VendorProductVersion RangeStatus
Ruijie Networks Co., Ltd.AP180(JA) V1.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180(JP) V1.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-AC V1.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-PE V1.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180(JA) V2.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-AC V2.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-PE V2.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-AC V3.xxprior to AP_RGOS 11.9(4)B1P8affected
Ruijie Networks Co., Ltd.AP180-PE V3.xxprior to AP_RGOS 11.9(4)B1P8affected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References