CVE-2019-25487

CRITICAL

Sapido RB-1732 2.0.43 - Unauthenticated Remote Code Execution via formSysCmd Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25487. PoCs published by k1nm3n.aotoi.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in SAPIDO RB-1732 routers by sending a crafted POST request to the 'formSysCmd' endpoint, allowing arbitrary command execution. The script constructs a request with a 'sysCmd' parameter and retrieves the output from the response.

Description

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.

Exploits (1)

exploitdb WORKING POC
by k1nm3n.aotoi · pythonremotehardware
https://www.exploit-db.com/exploits/47031

This exploit demonstrates a command injection vulnerability in SAPIDO RB-1732 routers by sending a crafted POST request to the 'formSysCmd' endpoint, allowing arbitrary command execution. The script constructs a request with a 'sysCmd' parameter and retrieves the output from the response.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SAPIDO RB-1732 v2.0.43
No auth needed
Prerequisites: network access to the target device · knowledge of the target IP address
devstral-2 · analyzed Mar 12, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47031

Scores

CVSS v3 9.8
EPSS 0.0836
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-639
Status published
Products (1)
Sapido/RB-1732 2.0.43
Published Mar 11, 2026
Tracked Since Mar 12, 2026