Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for OmniAccess Stellar Products by Alcatel-Lucent

    CVE-2025-52690 (GCVE-0-2025-52690)

    Vulnerability from nvd – Published: 2025-07-16 06:34 – Updated: 2025-07-16 14:40
    VLAI
    Title
    Command Injection Vulnerability in the OmniAccess Stellar over UDP Service
    Summary
    Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:31
    Credits
    Lam Jun Rong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52690",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:35:23.553527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:40:53.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://jro.sg/CVEs/CVE-2025-52690/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            }
          ],
          "datePublic": "2025-07-16T06:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:34:02.704Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://jro.sg/CVEs/CVE-2025-52690/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in the OmniAccess Stellar over UDP Service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52690",
        "datePublished": "2025-07-16T06:34:02.704Z",
        "dateReserved": "2025-06-19T06:04:41.987Z",
        "dateUpdated": "2025-07-16T14:40:53.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52689 (GCVE-0-2025-52689)

    Vulnerability from nvd – Published: 2025-07-16 06:30 – Updated: 2025-07-16 14:40
    VLAI
    Title
    Weak Session ID Check in the OmniAccess Stellar Web Management Interface
    Summary
    Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:26
    Credits
    Lam Jun Rong Cao Yitian
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52689",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:35:50.269269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:40:58.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/UltimateHG/CVE-2025-52689-PoC"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Cao Yitian"
            }
          ],
          "datePublic": "2025-07-16T06:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:30:11.161Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://blog.uhg.sg/article/24.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52689",
        "datePublished": "2025-07-16T06:30:11.161Z",
        "dateReserved": "2025-06-19T06:04:41.987Z",
        "dateUpdated": "2025-07-16T14:40:58.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52688 (GCVE-0-2025-52688)

    Vulnerability from nvd – Published: 2025-07-16 06:23 – Updated: 2025-07-16 14:41
    VLAI
    Title
    Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface
    Summary
    Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:15
    Credits
    Joel Chang Zhi Kai Liu Yisen Cao Wei Lam Jun Rong River Koh Yeo Jun Yi Keith Hyunseok Yun
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:37:02.110254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:41:04.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://jro.sg/CVEs/CVE-2025-52688/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Chang Zhi Kai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Liu Yisen"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Cao Wei"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "River Koh"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeo Jun Yi Keith"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Hyunseok Yun"
            }
          ],
          "datePublic": "2025-07-16T06:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:23:53.933Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://jro.sg/CVEs/CVE-2025-52688/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52688",
        "datePublished": "2025-07-16T06:23:53.933Z",
        "dateReserved": "2025-06-19T06:04:41.986Z",
        "dateUpdated": "2025-07-16T14:41:04.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52690 (GCVE-0-2025-52690)

    Vulnerability from cvelistv5 – Published: 2025-07-16 06:34 – Updated: 2025-07-16 14:40
    VLAI
    Title
    Command Injection Vulnerability in the OmniAccess Stellar over UDP Service
    Summary
    Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:31
    Credits
    Lam Jun Rong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52690",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:35:23.553527Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:40:53.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://jro.sg/CVEs/CVE-2025-52690/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            }
          ],
          "datePublic": "2025-07-16T06:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:34:02.704Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://jro.sg/CVEs/CVE-2025-52690/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in the OmniAccess Stellar over UDP Service",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52690",
        "datePublished": "2025-07-16T06:34:02.704Z",
        "dateReserved": "2025-06-19T06:04:41.987Z",
        "dateUpdated": "2025-07-16T14:40:53.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52689 (GCVE-0-2025-52689)

    Vulnerability from cvelistv5 – Published: 2025-07-16 06:30 – Updated: 2025-07-16 14:40
    VLAI
    Title
    Weak Session ID Check in the OmniAccess Stellar Web Management Interface
    Summary
    Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:26
    Credits
    Lam Jun Rong Cao Yitian
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52689",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:35:50.269269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:40:58.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/UltimateHG/CVE-2025-52689-PoC"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Cao Yitian"
            }
          ],
          "datePublic": "2025-07-16T06:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:30:11.161Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://blog.uhg.sg/article/24.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52689",
        "datePublished": "2025-07-16T06:30:11.161Z",
        "dateReserved": "2025-06-19T06:04:41.987Z",
        "dateUpdated": "2025-07-16T14:40:58.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-52688 (GCVE-0-2025-52688)

    Vulnerability from cvelistv5 – Published: 2025-07-16 06:23 – Updated: 2025-07-16 14:41
    VLAI
    Title
    Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface
    Summary
    Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    CSA
    Impacted products
    Vendor Product Version
    Alcatel-Lucent OmniAccess Stellar Products Affected: AP1100 AWOS versions 5.0.2 GA and earlier
    Affected: AP1200 AWOS versions 5.0.2 GA and earlier
    Affected: AP1300 AWOS versions 5.0.2 GA and earlier
    Affected: AP1400 AWOS versions 5.0.2 GA and earlier
    Affected: AP1500 AWOS versions 5.0.2 GA and earlier
    Create a notification for this product.
    Date Public
    2025-07-16 06:15
    Credits
    Joel Chang Zhi Kai Liu Yisen Cao Wei Lam Jun Rong River Koh Yeo Jun Yi Keith Hyunseok Yun
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-16T14:37:02.110254Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-16T14:41:04.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://jro.sg/CVEs/CVE-2025-52688/"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "OmniAccess Stellar Products",
              "vendor": "Alcatel-Lucent",
              "versions": [
                {
                  "status": "affected",
                  "version": "AP1100 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1200 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1300 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1400 AWOS versions 5.0.2 GA and earlier"
                },
                {
                  "status": "affected",
                  "version": "AP1500 AWOS versions 5.0.2 GA and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Chang Zhi Kai"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Liu Yisen"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Cao Wei"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Lam Jun Rong"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "River Koh"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Yeo Jun Yi Keith"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Hyunseok Yun"
            }
          ],
          "datePublic": "2025-07-16T06:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
                }
              ],
              "value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-16T06:23:53.933Z",
            "orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
            "shortName": "CSA"
          },
          "references": [
            {
              "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
            },
            {
              "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
            },
            {
              "url": "https://jro.sg/CVEs/CVE-2025-52688/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "assignerShortName": "CSA",
        "cveId": "CVE-2025-52688",
        "datePublished": "2025-07-16T06:23:53.933Z",
        "dateReserved": "2025-06-19T06:04:41.986Z",
        "dateUpdated": "2025-07-16T14:41:04.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }