CVE-2025-52689 PoC — Alcatel-Lucent OmniAccess Stellar Products 安全漏洞

Source

https://github.com/UltimateHG/CVE-2025-52689-PoC

Associated Vulnerability

Title:Alcatel-Lucent OmniAccess Stellar Products 安全漏洞 (CVE-2025-52689)
Description:Alcatel-Lucent OmniAccess Stellar Products是法国Alcatel-Lucent公司的一系列WiFi接入点。 Alcatel-Lucent OmniAccess Stellar Products存在安全漏洞，该漏洞源于可能获取管理员会话ID，导致修改访问点行为。

Readme

# CVE-2025-52689 PoC Code

PoC code for CVE-2025-52689 Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Point Authentication Bypass Vulnerability.

This POC was developed for the SpiritCyber 2024 competition held during Singapore International Cyber Week 2024.

## Usage

1. Install requirements with `pip install -r requirements.txt`

2. Open `exp.py` and modify the `base` variable to the base address of the router's web interface (e.g. `10.0.0.1:443`)

3. Run `exp.py` with `python exp.py`

The POC first sends the payload to obtain a valid session, then sends another packet to add the MAC address `DE:AD:BE:EF:10:01` to the client blacklist.

The returned valid session ID can be used to validate any valid web interface requests, including changing passwords, resetting the router, etc.

Detailed writeup can be found [here](https://blog.uhg.sg/article/24.html).

File Snapshot


 [4.0K]  /data/pocs/5e04fa9a28baa3fedbb7e2353ca6860125769d77
├── [3.3K]  exp.py
├── [ 868]  README.md
└── [  17]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!