Which versions of SAPIDO RB-1732 V2.0.43 are affected by CVE-2019-25487?

SAPIDO RB-1732 routers running version 2.0.43 are vulnerable to unauthenticated remote command execution with critical severity (CVSS 9.8).

Is there a public PoC exploit available for CVE-2019-25487?

Yes, a public proof-of-concept exploit is available for CVE-2019-25487. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2019-25487?

Within 24 hours: Identify all SAPIDO RB-1732 V2.0.43 devices in your environment and isolate them from critical networks if possible. Within 7 days: Contact SAPIDO for patch availability; if unavailable, implement network-level mitigations (WAF rules blocking formSysCmd, restrict management access to trusted IPs only). Within 30 days: Develop replacement strategy for affected devices, as vendor patch availability is currently unknown; evaluate alternative router vendors for procurement planning.

SAPIDO RB-1732 V2.0.43 CVE-2019-25487

Q: What is the CVSS score of CVE-2019-25487?

CVE-2019-25487 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

CRITICAL

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-03-11 disclosure@vulncheck.com

Authentication Bypass

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 15, 2026 - 15:22 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

Analysis Generated

Mar 12, 2026 - 22:07 vuln.today

PoC Detected

Mar 12, 2026 - 21:08 vuln.today

Public exploit code

CVE Published

Mar 11, 2026 - 19:16 nvd

CRITICAL 9.8

DescriptionNVD

SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.

AnalysisAI

Command execution in SAPIDO RB-1732 V2.0.43 router. PoC available.

Technical ContextAI

CWE-639.

Affected ProductsAI

SAPIDO RB-1732 V2.0.43

RemediationAI

Update firmware.

CVE-2019-25487 vulnerability details – vuln.today

Back

SAPIDO RB-1732 V2.0.43 CVE-2019-25487

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

SAPIDO RB-1732 V2.0.43 CVE-2019-25487

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code