CVE-2025-68459
Unknown Unknown - Not Provided

OS Command Injection in Ruijie RG-AP180 Wireless AP CLI

Vulnerability report for CVE-2025-68459, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: JPCERT/CC

Description

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-07-06
AI Q&A
2025-12-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ruijie ap180 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the Ruijie Networks AP180 Series Indoor Wall Plate Wireless Access Points. It is an OS command injection vulnerability (CWE-78) that allows an attacker who has logged into the device's CLI service to execute arbitrary operating system commands on the device. This can lead to unauthorized control over the device. [1, 2]

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute arbitrary commands on the affected device, potentially compromising system integrity and security. This could lead to unauthorized access, data manipulation, disruption of service, or further attacks within the network where the device is deployed. [1, 2]

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update the firmware of the Ruijie Networks AP180 series devices to the latest version provided by Ruijie Networks. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68459. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart