Search criteria
4 vulnerabilities by Alcatel-Lucent
CVE-2025-52690 (GCVE-0-2025-52690)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:34 – Updated: 2025-07-16 14:40
VLAI?
Title
Command Injection Vulnerability in the OmniAccess Stellar over UDP Service
Summary
Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
Severity ?
8.1 (High)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Lam Jun Rong
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52690",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:35:23.553527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:40:53.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jro.sg/CVEs/CVE-2025-52690/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
}
],
"datePublic": "2025-07-16T06:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:34:02.704Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-52690/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in the OmniAccess Stellar over UDP Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52690",
"datePublished": "2025-07-16T06:34:02.704Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2025-07-16T14:40:53.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52689 (GCVE-0-2025-52689)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:30 – Updated: 2025-07-16 14:40
VLAI?
Title
Weak Session ID Check in the OmniAccess Stellar Web Management Interface
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
Severity ?
9.8 (Critical)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Lam Jun Rong
Cao Yitian
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:35:50.269269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:40:58.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
},
{
"lang": "en",
"type": "finder",
"value": "Cao Yitian"
}
],
"datePublic": "2025-07-16T06:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:30:11.161Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://blog.uhg.sg/article/24.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52689",
"datePublished": "2025-07-16T06:30:11.161Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2025-07-16T14:40:58.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52688 (GCVE-0-2025-52688)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:23 – Updated: 2025-07-16 14:41
VLAI?
Title
Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface
Summary
Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.
Severity ?
9.8 (Critical)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar Products |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Joel Chang Zhi Kai
Liu Yisen
Cao Wei
Lam Jun Rong
River Koh
Yeo Jun Yi Keith
Hyunseok Yun
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52688",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:02.110254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:04.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jro.sg/CVEs/CVE-2025-52688/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar Products",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joel Chang Zhi Kai"
},
{
"lang": "en",
"type": "finder",
"value": "Liu Yisen"
},
{
"lang": "en",
"type": "finder",
"value": "Cao Wei"
},
{
"lang": "en",
"type": "finder",
"value": "Lam Jun Rong"
},
{
"lang": "en",
"type": "finder",
"value": "River Koh"
},
{
"lang": "en",
"type": "finder",
"value": "Yeo Jun Yi Keith"
},
{
"lang": "en",
"type": "finder",
"value": "Hyunseok Yun"
}
],
"datePublic": "2025-07-16T06:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:23:53.933Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
},
{
"url": "https://jro.sg/CVEs/CVE-2025-52688/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52688",
"datePublished": "2025-07-16T06:23:53.933Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:04.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52687 (GCVE-0-2025-52687)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:15 – Updated: 2025-07-16 14:41
VLAI?
Title
JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface
Summary
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:22.658130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:09.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-07-16T06:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:25:33.489Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52687",
"datePublished": "2025-07-16T06:15:05.328Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}