CVE-2026-23699

CVSS 8.6 HIGHEPSS 1.5%CWE-78

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.6EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Ruijie Networks Co., Ltd. · AP180-AC V1.xx Ruijie Networks Co., Ltd. · AP180-AC V2.xx Ruijie Networks Co., Ltd. · AP180-AC V3.xx Ruijie Networks Co., Ltd. · AP180(JA) V1.xx Ruijie Networks Co., Ltd. · AP180(JA) V2.xx Ruijie Networks Co., Ltd. · AP180(JP) V1.xx Ruijie Networks Co., Ltd. · AP180-PE V1.xx Ruijie Networks Co., Ltd. · AP180-PE V2.xx Ruijie Networks Co., Ltd. · AP180-PE V3.xx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN86850670/https://www.ruijie.co.jp/products/rg-ap180-pe_p432111650928590848.html#productDocument