Command injection

2022-11-3014:15:00

PRIOn knowledge base

www.prio-n.com

sapido routers

command injection

critical vulnerability

ip/syscmd.htm

remote attack

exploit disclosure

vdb-214592

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.2%

JSON

A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.

CPENameOperatorVersion
br270n_firmwareeq2.1.03
brc76n_firmwareeq2.1.03
gr297n_firmwareeq2.1.3
rb-1732_firmwareeq2.0.43

Name	Operator	Version
br270n_firmware	eq	2.1.03
brc76n_firmware	eq	2.1.03
gr297n_firmware	eq	2.1.3
rb-1732_firmware	eq	2.0.43

References

blog.csdn.net/qq_44159028/article/details/114590267

github.com/smallpiggy/Sapido--rce/blob/main/Sapido%E8%B7%AF%E7%94%B1%E5%99%A8-rce.py

vuldb.com/?id.214592