Remote Command Execution Vulnerability in Access Point by Vendor
CVE-2025-52690

8.1HIGH

Key Information:

Vendor: Alcatel-lucent
Status: Omniaccess Stellar Products
Vendor: CVE Published:; 16 July 2025

🔔 Create Alcatel-lucent Vulnerability Alert

What is CVE-2025-52690?

This vulnerability allows attackers to gain unauthorized access through the execution of arbitrary commands with root privileges on the affected access point models. Exploitation could result in significant risks to the confidentiality, integrity, and availability of the device, permitting full control over the affected access point and its network.

Affected Version(s)

OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier

OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-20...

https://www.al-enterprise.com/-/media/assets/internet/doc...

https://jro.sg/CVEs/CVE-2025-52690/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Lam Jun Rong