CVE-2026-23699
Unknown Unknown - Not Provided
OS Command Injection in AP180 Series Firmware Allows Arbitrary Execution

Publication date: 2026-01-22

Last updated on: 2026-01-22

Assigner: JPCERT/CC

Description
AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-22
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23699
EUVD
EUVD-2026-4173
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ruijie_networks ap180 to 11.9(4)B1P8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in the Ruijie Networks AP180 series firmware prior to version AP_RGOS 11.9(4)B1P8 is an OS command injection flaw (CWE-78). It allows a logged-in user with administrative privileges to execute arbitrary operating system commands on the affected device by sending a specially crafted request. This means an attacker with admin access can run any command on the device, potentially compromising its security and functionality. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker with administrative access to execute arbitrary commands on the device, which can lead to full compromise of the device's confidentiality, integrity, and availability. This could result in unauthorized control, data theft, disruption of network services, or further attacks within the network environment where the device is deployed. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update the firmware of the Ruijie Networks AP180 series devices to version AP_RGOS 11.9(4)B1P8 or later. If updating the firmware is not possible right away, restrict web access to the affected devices by limiting access to trusted source IP addresses using ACL or whitelist configurations. [1]

Compliance Impact

The provided resources do not contain information regarding how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23699. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart