Command Injection Vulnerability in Access Points by Alcatel-Lucent
CVE-2025-52688

9.8CRITICAL

Key Information:

Vendor

Alcatel-lucent

Status
Omniaccess Stellar Products
Vendor
CVE Published:
16 July 2025

What is CVE-2025-52688?

A command injection vulnerability exists in Alcatel-Lucent access points, allowing an attacker to inject arbitrary commands with elevated privileges. This exploitation could lead to severe consequences, including unauthorized access to sensitive data and potential total compromise of the access point, undermining its functionality and security. Network administrators must prioritize patching vulnerable devices to mitigate threats to confidentiality, integrity, and availability.

Affected Version(s)

OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...
https://www.al-enterprise.com/-/media/assets/internet/doc...
https://jro.sg/CVEs/CVE-2025-52688/

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joel Chang Zhi Kai
Liu Yisen
Cao Wei
Lam Jun Rong
River Koh
Yeo Jun Yi Keith
Hyunseok Yun
.