CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended.
Analysis
CVE-2025-6559 is an unauthenticated OS Command Injection vulnerability affecting multiple Sapido wireless router models that are out of support. Remote attackers can inject and execute arbitrary operating system commands with no authentication required, achieving complete system compromise. The CVSS 9.8 Critical severity reflects the trivial attack vector (network-accessible, no user interaction required) and complete impact on confidentiality, integrity, and availability.
Technical Context
This vulnerability exploits improper input validation in OS command execution paths within Sapido router firmware (affected CPE families likely include cpe:2.3:o:sapido:router_firmware). CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates the firmware fails to sanitize user-supplied input before passing it to shell command execution functions (likely system(), popen(), exec() or similar OS-level calls). This is a classic command injection flaw where special shell metacharacters (`;`, `|`, `&`, `$()`, backticks, etc.) are not filtered, allowing attackers to chain arbitrary commands. Given Sapido's consumer router product line, the vulnerable code is likely in web interface request handlers or management protocol parsers that accept configuration or diagnostic parameters.
Affected Products
Sapido wireless router product line; specific models and firmware versions are not fully enumerated in the provided data. The affected product range is indicated as 'multiple wireless router models' with out-of-support status, suggesting legacy consumer router lines (likely Sapido RB models, RT models, or similar from their product catalog circa 2015-2022). Without vendor advisory details, assume all Sapido router firmware versions prior to the end-of-support date are vulnerable. Likely CPE match: cpe:2.3:o:sapido:*:*:*:*:*:*:*:*:* for all Sapido router firmware. Consult Sapido's product lifecycle documentation or the CISA KEV catalog for definitive model/version enumeration if available.
Remediation
No vendor patch is available; devices are out-of-support. Remediation options:
(1) REPLACEMENT (recommended): Retire affected Sapido routers and replace with current-generation hardware from vendors maintaining active security support.
(2) NETWORK ISOLATION: If replacement is not immediate, isolate vulnerable routers from untrusted networks via air-gap, restricted VLAN, or disabling remote management (WAN access to admin interface).
(3) FIRMWARE AUDIT: Check for third-party firmware projects (OpenWrt, DD-WRT) offering community patches for Sapido hardware; some legacy routers receive community support beyond vendor EOL.
(4) MONITORING: Implement network IDS/IPS rules to detect OS command injection payloads (signatures for shell metacharacters in HTTP parameters to router management ports).
(5) ACCESS CONTROLS: Restrict router management interface access to trusted internal IPs only, disable UPnP, and change default credentials.
Do NOT rely on firmware updates from Sapido; the device must be replaced for genuine security remediation.
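The monitoring option (4), sketched as an added example that is not code from Sapido, this page, or any IDS product: it decodes HTTP parameters (including double percent-encoding) and flags values containing the shell metacharacters named under Technical Context. The log format, the /example.cgi path, and the parameter names are constructed for illustration and do not describe the actual vulnerable endpoint.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Metacharacters listed in the Technical Context section; newline is added here
# because it also separates commands once a value reaches a shell.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253B) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(raw):
    """Return (name, decoded value) for each field holding a shell metacharacter.

    Fields are split on a raw '&' first, so only an encoded '&' is reported.
    """
    hits = []
    for field in raw.split("&"):
        name, _, value = field.partition("=")
        value = decode_fully(value)
        if SHELL_META.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Each line: '<src> <method> <target> <body or ->' (constructed format)."""
    alerts = []
    for line in lines:
        src, _method, target, body = line.split(" ", 3)
        url = urlsplit(target)
        for raw in (url.query, body):
            alerts += [(src, url.path, n, v) for n, v in suspicious_params(raw)]
    return alerts

# Constructed sample requests; /example.cgi and the parameter names are hypothetical.
SAMPLE_LOG = [
    "198.51.100.7 GET /example.cgi?host=192.0.2.10&count=4 -",
    "198.51.100.7 POST /example.cgi host=192.0.2.10%3Bid",
    "203.0.113.9 GET /example.cgi?host=192.0.2.10%2524%2528id%2529 -",
    "192.0.2.44 POST /example.cgi ssid=Cafe+%26+Bar",  # benign value, still flagged
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The last sample line is a legitimate value that still matches, so a rule like this needs per-parameter tuning (for example, exempting free-text fields) before it is used for blocking rather than alerting.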
EUVD-2025-19048