Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2025-68459 (GCVE-0-2025-68459)

Vulnerability from nvd – Published: 2025-12-18 05:51 – Updated: 2025-12-18 15:33

Summary

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')

Assigner

jpcert

References

URL

Tags

	https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/
	https://jvn.jp/en/vu/JVNVU94068946/

Impacted products

Vendor

Product

Version

Ruijie Networks Co., Ltd.

AP180-PE V3.xx

Affected: AP_RGOS 11.9(4)B1P8 and earlier

Ruijie Networks Co., Ltd.	AP180(JA) V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180(JP) V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-PE V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180(JA) V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-PE V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V3.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T15:28:34.206269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:33:43.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AP180-PE V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JP) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T05:51:07.988Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94068946/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-68459",
    "datePublished": "2025-12-18T05:51:07.988Z",
    "dateReserved": "2025-12-17T23:37:17.886Z",
    "dateUpdated": "2025-12-18T15:33:43.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68459 (GCVE-0-2025-68459)

Vulnerability from cvelistv5 – Published: 2025-12-18 05:51 – Updated: 2025-12-18 15:33

Summary

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

8.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')

Assigner

jpcert

References

URL

Tags

	https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/
	https://jvn.jp/en/vu/JVNVU94068946/

Impacted products

Vendor

Product

Version

Ruijie Networks Co., Ltd.

AP180-PE V3.xx

Affected: AP_RGOS 11.9(4)B1P8 and earlier

Ruijie Networks Co., Ltd.	AP180(JA) V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180(JP) V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-PE V1.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180(JA) V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-PE V2.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier
Ruijie Networks Co., Ltd.	AP180-AC V3.xx	Affected: AP_RGOS 11.9(4)B1P8 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T15:28:34.206269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T15:33:43.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AP180-PE V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JP) V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V1.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180(JA) V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-PE V2.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        },
        {
          "product": "AP180-AC V3.xx",
          "vendor": "Ruijie Networks Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "AP_RGOS 11.9(4)B1P8 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T05:51:07.988Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94068946/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-68459",
    "datePublished": "2025-12-18T05:51:07.988Z",
    "dateReserved": "2025-12-17T23:37:17.886Z",
    "dateUpdated": "2025-12-18T15:33:43.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Search criteria

2 vulnerabilities found for AP180-PE V2.xx by Ruijie Networks Co., Ltd.

CVE-2025-68459 (GCVE-0-2025-68459)

CVE-2025-68459 (GCVE-0-2025-68459)