Command Injection Vulnerability in the OmniAccess Stellar over UDP Service

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

Basic Information

ID CVE-2025-52690

Source CSA

Published Jul 16, 2025 at 06:34

Modified Jul 16, 2025 at 14:40

Affected Product

Vendor Alcatel-Lucent

Product OmniAccess Stellar Products

Version AP1100 AWOS versions 5.0.2 GA and earlier

Affected Versions Alcatel-Lucent OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier

CWE Classification

CWE-77

References

{
    "lastseen": "",
    "description": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.",
    "published": "2025-07-16T06:34:02.704Z",
    "modified": "2025-07-16T14:40:53.098Z",
    "type": "cve",
    "title": "Command Injection Vulnerability in the OmniAccess Stellar over UDP Service",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/\nhttps://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf\nhttps://jro.sg/CVEs/CVE-2025-52690/",
    "id": "CVE-2025-52690",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Alcatel-Lucent OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OmniAccess Stellar Products",
    "version": "AP1100 AWOS versions 5.0.2 GA and earlier",
    "vendor": "Alcatel-Lucent",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Command Injection Vulnerability in the OmniAccess Stellar over UDP Service_CVE-2025-52690