OS Command Injection Vulnerability in Sapido Wireless Routers
CVE-2025-6559

9.3CRITICAL

Key Information:

Vendor: SAPido
Status: Br071n; Br261c; Br270n; Br476n
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-6559?

Multiple wireless router models from Sapido are vulnerable to OS Command Injection, which can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to inject arbitrary operating system commands that may be executed on the affected devices, potentially compromising the integrity and confidentiality of the network. Given that these models are no longer supported, it is strongly advisable to replace them to maintain optimal security.

Affected Version(s)

BR071n 0

BR261c 0

BR270n 0

References

https://www.twcert.org.tw/tw/cp-132-10196-898d3-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10195-69da1-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 24, 2025

JSON

SAPido

What is CVE-2025-6559?

Affected Version(s)

References

CVSS V4

Timeline