CVE-2025-68459
Unknown Unknown - Not Provided
OS Command Injection in Ruijie RG-AP180 Wireless AP CLI

Publication date: 2025-12-18

Last updated on: 2025-12-18

Assigner: JPCERT/CC

Description
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-18
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68459
EUVD
EUVD-2025-204038
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruijie ap180 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the Ruijie Networks AP180 Series Indoor Wall Plate Wireless Access Points. It is an OS command injection vulnerability (CWE-78) that allows an attacker who has logged into the device's CLI service to execute arbitrary operating system commands on the device. This can lead to unauthorized control over the device. [1, 2]

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute arbitrary commands on the affected device, potentially compromising system integrity and security. This could lead to unauthorized access, data manipulation, disruption of service, or further attacks within the network where the device is deployed. [1, 2]

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to update the firmware of the Ruijie Networks AP180 series devices to the latest version provided by Ruijie Networks. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68459. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart