Search criteria
2 vulnerabilities found for OmniAccess Stellar by Alcatel-Lucent
CVE-2025-52687 (GCVE-0-2025-52687)
Vulnerability from cvelistv5 – Published: 2025-07-16 06:15 – Updated: 2025-07-16 14:41
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:22.658130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:09.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-07-16T06:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:25:33.489Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52687",
"datePublished": "2025-07-16T06:15:05.328Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52687 (GCVE-0-2025-52687)
Vulnerability from nvd – Published: 2025-07-16 06:15 – Updated: 2025-07-16 14:41
VLAI?
Summary
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS).
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Alcatel-Lucent | OmniAccess Stellar |
Affected:
AP1100 AWOS versions 5.0.2 GA and earlier
Affected: AP1200 AWOS versions 5.0.2 GA and earlier Affected: AP1300 AWOS versions 5.0.2 GA and earlier Affected: AP1400 AWOS versions 5.0.2 GA and earlier Affected: AP1500 AWOS versions 5.0.2 GA and earlier |
Credits
Jay Turla
Japz Divino
Jerold Camacho
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:37:22.658130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:41:09.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OmniAccess Stellar",
"vendor": "Alcatel-Lucent",
"versions": [
{
"status": "affected",
"version": "AP1100 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1200 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1300 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1400 AWOS versions 5.0.2 GA and earlier"
},
{
"status": "affected",
"version": "AP1500 AWOS versions 5.0.2 GA and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jay Turla"
},
{
"lang": "en",
"type": "finder",
"value": "Japz Divino"
},
{
"lang": "en",
"type": "finder",
"value": "Jerold Camacho"
}
],
"datePublic": "2025-07-16T06:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"value": "Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T06:25:33.489Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"
},
{
"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52687",
"datePublished": "2025-07-16T06:15:05.328Z",
"dateReserved": "2025-06-19T06:04:41.986Z",
"dateUpdated": "2025-07-16T14:41:09.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}