CVE-2025-6559

Summary

Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended.

Affected Software

VendorProductVersion RangeStatus
SapidoBR071n0affected
SapidoBR261c0affected
SapidoBR270n0affected
SapidoBR476n0affected
SapidoBRC70n0affected
SapidoBRC70x0affected
SapidoBRC76n0affected
SapidoBRD70n0affected
SapidoBRE70n0affected
SapidoBRE71n0affected
SapidoBRF61c0affected
SapidoBRF71n0affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References