CVE-2025-68459

Description

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

RG-AP180 所有版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-68459 PoC - 仅供参考学习，禁止非法使用
# 漏洞利用需要有效的认证凭据

import requests
import argparse

def check_vulnerability(target_ip, username, password):
    """
    检测RG-AP180是否存在CVE-2025-68459命令注入漏洞
    此代码仅用于授权的安全测试
    """
    print(f"[*] 正在检测目标: {target_ip}")
    print("[*] 漏洞: CVE-2025-68459 - OS命令注入")
    print("[*] 产品: Ruijie RG-AP180")
    print("\n[!] 警告: 请确保您拥有授权测试许可")
    
    # 实际PoC需要登录CLI并构造恶意命令
    # 此处省略具体利用代码
    
    return None

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CVE-2025-68459检测工具')
    parser.add_argument('-t', '--target', required=True, help='目标IP地址')
    parser.add_argument('-u', '--username', required=True, help='CLI用户名')
    parser.add_argument('-p', '--password', required=True, help='CLI密码')
    args = parser.parse_args()
    check_vulnerability(args.target, args.username, args.password)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-68459
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-68459
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-68459/
[4] VulDB https://vuldb.com/cve/CVE-2025-68459
[5] https://jvn.jp/en/vu/JVNVU94068946/
[6] https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-68459", "sourceIdentifier": "[email protected]", "published": "2025-12-18T06:15:49.717", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://jvn.jp/en/vu/JVNVU94068946/", "source": "[email protected]"}, {"url": "https://www.ruijie.com.cn/gy/xw-aqtg-gw/930282/", "source": "[email protected]"}]}}