Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

Basic Information

ID CVE-2025-52688

Source CSA

Published Jul 16, 2025 at 06:23

Modified Jul 16, 2025 at 14:41

Affected Product

Vendor Alcatel-Lucent

Product OmniAccess Stellar Products

Version AP1100 AWOS versions 5.0.2 GA and earlier

Affected Versions Alcatel-Lucent OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier

CWE Classification

CWE-77

References

{
    "lastseen": "",
    "description": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.",
    "published": "2025-07-16T06:23:53.933Z",
    "modified": "2025-07-16T14:41:04.579Z",
    "type": "cve",
    "title": "Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/\nhttps://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf\nhttps://jro.sg/CVEs/CVE-2025-52688/",
    "id": "CVE-2025-52688",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Alcatel-Lucent OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier\nAlcatel-Lucent OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OmniAccess Stellar Products",
    "version": "AP1100 AWOS versions 5.0.2 GA and earlier",
    "vendor": "Alcatel-Lucent",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface_CVE-2025-52688