OS Command Injection Vulnerability in AP180 Series by Ruijie Networks
CVE-2026-23699

8.6HIGH

Key Information:

Vendor: Ruijie Networks Co., Ltd.
Status: Ap180(ja) V1.xx; Ap180(jp) V1.xx; Ap180-ac V1.xx; Ap180-pe V1.xx
Vendor: CVE Published:; 22 January 2026

🔔 Create Ruijie Networks Co., Ltd. Vulnerability Alert

What is CVE-2026-23699?

The AP180 series devices manufactured by Ruijie Networks are vulnerable to an OS command injection flaw that could allow an attacker to execute arbitrary commands on affected devices. This vulnerability exists in firmware versions prior to AP_RGOS 11.9(4)B1P8. Exploiting this issue could lead to unauthorized access and manipulation of the device's operating system, compromising the security of the network infrastructure.

Affected Version(s)

AP180-AC V1.xx prior to AP_RGOS 11.9(4)B1P8

AP180-AC V2.xx prior to AP_RGOS 11.9(4)B1P8

AP180-AC V3.xx prior to AP_RGOS 11.9(4)B1P8

References

https://www.ruijie.co.jp/products/rg-ap180-pe_p4321116509...

https://jvn.jp/en/jp/JVN86850670/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 15, 2026

JSON