CVE-2025-68459
OS Command Injection in Ruijie RG-AP180 Wireless AP CLI
Publication date: 2025-12-18
Last updated on: 2025-12-18
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruijie | ap180 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Ruijie Networks AP180 Series Indoor Wall Plate Wireless Access Points. It is an OS command injection vulnerability (CWE-78) that allows an attacker who has logged into the device's CLI service to execute arbitrary operating system commands on the device. This can lead to unauthorized control over the device. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary commands on the affected device, potentially compromising system integrity and security. This could lead to unauthorized access, data manipulation, disruption of service, or further attacks within the network where the device is deployed. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to update the firmware of the Ruijie Networks AP180 series devices to the latest version provided by Ruijie Networks. [1]