Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
An attacker can spoof a login request, as a result of which the system grants them a valid session ID with administrator privilege level without the need to provide valid authentication credentials. This is a classic session fixation or session hijacking scenario where the session management mechanism does not properly verify the identity of the requester before granting a privileged session. A proof-of-concept (PoC) exploit is publicly available on GitHub.
An unauthenticated attacker remotely gains full administrative access to the access point, allowing modification of its configuration and behavior — including potentially redirecting network traffic, disabling security measures, or taking control of wireless infrastructure.
Apply patches available from the manufacturer according to the references — detailed information is contained in the official Alcatel-Lucent Enterprise security bulletin (SA-N0150-OmniAccess-Stellar-Multiple-Vulnerabilities). Until patches are deployed, it is recommended to restrict access to the device management interface exclusively to trusted networks or hosts.
Alcatel-Lucent Enterprise OmniAccess Stellar devices — specific software versions indicated in the manufacturer's references (document SA-N0150).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H