CVE-2019-25487

CRITICAL

SAPIDO RB-1732 V2.0.43 - RCE

Title source: llm

Description

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.

Exploits (1)

exploitdb WORKING POC

by k1nm3n.aotoi · pythonremotehardware

https://www.exploit-db.com/exploits/47031

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47031

[Third Party Advisory] https://www.vulncheck.com/advisories/sapido-rb-1732-remote-command-execution-via-formsyscmd

Scores

CVSS v3 9.8

EPSS 0.0022

EPSS Percentile 44.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-639

Status published

Products (1)

Sapido/RB-1732 2.0.43

Published Mar 11, 2026

Tracked Since Mar 12, 2026