GCVE - cpe:2.3:a:alcatel-lucent:omniaccess_stellar

Approved changes feed: RSS · Atom

cpe:2.3:a:alcatel-lucent:omniaccess_stellar_products:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Alcatel Lucent (`cd3e8d12-5838-5834-947c-31bf8161e901`)
Product	Omniaccess Stellar Products (`51622db8-c837-5e76-9b97-d1a42e2dccd2`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-52690`	vulnerable	2026-06-03 15:03:52.231947	Command Injection Vulnerability in the OmniAccess Stellar over UDP Service HIGH (8.1) Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point. Published: 2025-07-16T06:34:02.704Z Updated: 2025-07-16T14:40:53.098Z Open on db.gcve.eu Reference links https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/ https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf https://jro.sg/CVEs/CVE-2025-52690/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52689`	vulnerable	2026-06-03 15:03:52.231520	Weak Session ID Check in the OmniAccess Stellar Web Management Interface CRITICAL (9.8) Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point. Published: 2025-07-16T06:30:11.161Z Updated: 2025-07-16T14:40:58.689Z Open on db.gcve.eu Reference links https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/ https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf https://blog.uhg.sg/article/24.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-52688`	vulnerable	2026-06-03 15:03:52.231120	Command Injection Vulnerability in the OmniAccess Stellar Web Management Interface CRITICAL (9.8) Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point. Published: 2025-07-16T06:23:53.933Z Updated: 2025-07-16T14:41:04.579Z Open on db.gcve.eu Reference links https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/ https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf https://jro.sg/CVEs/CVE-2025-52688/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Omniaccess Stellar Products

PURL mappings

Vulnerability references

Contribute