Published:2025/12/18 Last Updated:2025/12/18
JVNVU#94068946
Ruijie Networks AP180 Series vulnerable to OS command injection
Overview
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks contain an OS command injection vulnerability.
Products Affected
The following AP180 series firmware versions AP_RGOS 11.9(4)B1P8 and earlier are affected by this vulnerability.
- AP180(JA) V1.xx
- AP180(JP) V1.xx
- AP180-AC V1.xx
- AP180-PE V1.xx
- AP180(JA) V2.xx
- AP180-AC V2.xx
- AP180-PE V2.xx
- AP180-AC V3.xx
- AP180-PE V3.xx
Description
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks contain the following vulnerability.
- OS command injection (CWE-78)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2025-68459
Impact
An arbitrary OS command may be executed on the product by an attacker who can log in to the CLI service.
Solution
Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Ruijie Networks Co., Ltd. | AP180系列部分产品存在命令注入漏洞 (Text in Simplified Chinese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-68459 |
| JVN iPedia |
|