CVE-2026-23699
OS Command Injection in AP180 Series Firmware Allows Arbitrary Execution
Publication date: 2026-01-22
Last updated on: 2026-01-22
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruijie_networks | ap180 | to 11.9(4)B1P8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Ruijie Networks AP180 series firmware prior to version AP_RGOS 11.9(4)B1P8 is an OS command injection flaw (CWE-78). It allows a logged-in user with administrative privileges to execute arbitrary operating system commands on the affected device by sending a specially crafted request. This means an attacker with admin access can run any command on the device, potentially compromising its security and functionality. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrative access to execute arbitrary commands on the device, which can lead to full compromise of the device's confidentiality, integrity, and availability. This could result in unauthorized control, data theft, disruption of network services, or further attacks within the network environment where the device is deployed. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the firmware of the Ruijie Networks AP180 series devices to version AP_RGOS 11.9(4)B1P8 or later. If updating the firmware is not possible right away, restrict web access to the affected devices by limiting access to trusted source IP addresses using ACL or whitelist configurations. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.