CVE-2025-52688

CRITICAL

Access Point <unknown> - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-52688. PoCs published by joelczk.

AI-analyzed exploit summary The repository provides functional exploit code demonstrating unauthenticated command injection and arbitrary file read vulnerabilities in Alcatel AP13161 enterprise WIFI access points. It includes multiple PoCs targeting different endpoints and parameters, with clear HTTP request examples.

Description

Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

Exploits (1)

nomisec WORKING POC 2 stars

by joelczk · poc

https://github.com/joelczk/CVE-2025-52688

View Code ZIP pw:eip

The repository provides functional exploit code demonstrating unauthenticated command injection and arbitrary file read vulnerabilities in Alcatel AP13161 enterprise WIFI access points. It includes multiple PoCs targeting different endpoints and parameters, with clear HTTP request examples.

Classification

Working Poc 95%

Attack Type

Rce | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Alcatel AP13161 - Enterprise WIFI access point

No auth needed

Prerequisites: Network access to the vulnerable device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources

https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf

Various Sources

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/

Various Sources

https://jro.sg/CVEs/CVE-2025-52688/

Scores

CVSS v3 9.8

EPSS 0.2135

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-77

Status published

Products (5)

Alcatel-Lucent/OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier

Alcatel-Lucent/OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier

Alcatel-Lucent/OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier

Alcatel-Lucent/OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier

Alcatel-Lucent/OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier

Published Jul 16, 2025

Tracked Since Feb 18, 2026