CVE-2025-6559

CRITICAL

Sapido Wireless Router - Command Injection

Title source: llm
STIX 2.1

Description

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended.

References (2)

Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10196-898d3-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-10195-69da1-2.html

Scores

CVSS v3 9.8
EPSS 0.0167
EPSS Percentile 73.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-78
Status published
Products (12)
Sapido/BR071n
Sapido/BR261c
Sapido/BR270n
Sapido/BR476n
Sapido/BRC70n
Sapido/BRC70x
Sapido/BRC76n
Sapido/BRD70n
Sapido/BRE70n
Sapido/BRE71n
... and 2 more
Published Jun 24, 2025
Tracked Since Feb 18, 2026