CVE-2019-25487
Received Received - Intake
Remote Command Execution in SAPIDO RB-1732 Router Firmware

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25487
EUVD
EUVD-2019-19765
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sapido rb-1732 2.0.43
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The SAPIDO RB-1732 router, specifically firmware version V2.0.43, contains a remote command execution vulnerability. This flaw allows unauthenticated attackers to execute arbitrary system commands on the device by sending specially crafted HTTP POST requests to the /goform/formSysCmd endpoint. The attacker includes shell commands in the sysCmd parameter, which the router executes with router-level privileges, enabling full control over the device.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to remotely execute any command on the affected router without authentication. This means an attacker can fully compromise the device, potentially gaining control over network traffic, stealing sensitive information, disrupting network services, or using the router as a foothold for further attacks within the network.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a specially crafted HTTP POST request to the router\'s /goform/formSysCmd endpoint. The POST request should include parameters such as sysCmd (the command to execute), apply set to "Apply", submit-url set to "/syscmd.asp", and an empty msg field.'}, {'type': 'paragraph', 'content': "A practical detection method is to use a script or command that sends this POST request with a harmless command (e.g., 'id' or 'whoami') in the sysCmd parameter and then checks the response for command output."}, {'type': 'paragraph', 'content': 'For example, using curl, you can run a command like:'}, {'type': 'list_item', 'content': 'curl -X POST http://[target-ip]/goform/formSysCmd -d "sysCmd=id&apply=Apply&submit-url=/syscmd.asp&msg="'}, {'type': 'paragraph', 'content': 'If the response contains the output of the command (such as user or group information), the device is vulnerable.'}, {'type': 'paragraph', 'content': 'Alternatively, a Python script using the requests library can automate this detection by sending the POST request and parsing the response for command execution results.'}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25487. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart