
SAPIDO RB-1732 V2.0.43: Unauthenticated Attackers Can Run System Commands

CVE-2019-25487
Summary

An attacker can send a request to SAPIDO RB-1732 V2.0.43 without logging in and run any system command, potentially taking control of the device. This is a serious risk because it could allow an attacker to access and manipulate sensitive data or disrupt the system. Update to the latest version to fix this issue.

Original title
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd e...
Original description
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 9.3
Vulnerability type
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026