CVE-2019-25487

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/47031
https://www.vulncheck.com/advisories/sapido-rb-1732-remote-command-execution-via-formsyscmd

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) SAPIDO RB-1732 V2.0.43 contiene una vulnerabilidad de ejecución remota de comandos que permite a atacantes no autenticados ejecutar comandos de sistema arbitrarios mediante el envío de entrada maliciosa al endpoint formSysCmd. Los atacantes pueden enviar solicitudes POST con el parámetro sysCmd que contiene comandos shell para ejecutar código en el dispositivo con privilegios de router.

11 Mar 2026, 22:16

Type	Values Removed	Values Added
References	~~{'url': 'https://www.vulncheck.com/advisories/sapido-rb-remote-command-execution-via-formsyscmd', 'source': 'disclosure@vulncheck.com'}~~	() https://www.vulncheck.com/advisories/sapido-rb-1732-remote-command-execution-via-formsyscmd -

11 Mar 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 19:16

Updated : 2026-04-15 14:56

NVD link : CVE-2019-25487

Mitre link : CVE-2019-25487

CVE.ORG link : CVE-2019-25487

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2019-25487", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-11T19:16:03.157", "references": [{"url": "https://www.exploit-db.com/exploits/47031", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/sapido-rb-1732-remote-command-execution-via-formsyscmd", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges."}, {"lang": "es", "value": "SAPIDO RB-1732 V2.0.43 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos que permite a atacantes no autenticados ejecutar comandos de sistema arbitrarios mediante el env\u00edo de entrada maliciosa al endpoint formSysCmd. Los atacantes pueden enviar solicitudes POST con el par\u00e1metro sysCmd que contiene comandos shell para ejecutar c\u00f3digo en el dispositivo con privilegios de router."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}