CVE-2025-6560 in BR071ninfo

Summary

by MITRE • 06/24/2025

Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials.

The affected models are out of support; replacing the device is recommended.


Analysis

by VulDB Data Team • 06/27/2025

CVE-2025-6560 is a critical exposure of sensitive information in multiple wireless router models manufactured by Sapido. An unauthenticated remote attacker can directly read system configuration files that contain plaintext administrator credentials, without any prior authentication or authorization. The root cause is inadequate access control and improper privilege management in the router's web interface and configuration handling: sensitive system data is served through endpoints that should be restricted to authorized administrative users. The affected models are no longer supported by the vendor, so no security updates or patches will address the flaw. Because the credentials are exposed in plaintext, an attacker can immediately take full administrative control of the device, which can lead to compromise of the whole network and unauthorized access to connected systems.

Technically, the vulnerability involves weak authentication mechanisms and insufficient input validation in the router's web application framework. An attacker exploits it by requesting specific configuration file endpoints over HTTP without supplying any credentials; the routers implement neither proper access control lists nor session management, so any remote user can retrieve sensitive information from system files. The flaw is classified as CWE-200 (Information Exposure), in which a system reveals information that should be restricted or protected. It also relates to CWE-306 (Missing Authentication for Critical Function), since the system does not require authentication before serving critical administrative functions. That the configuration files hold plaintext passwords points to poor credential storage and management practices in the router software: administrative credentials are likely kept in easily accessible locations without encryption or obfuscation, making them immediately usable by anyone who discovers the paths.
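The two weaknesses named above, shown side by side as an added example (this is not Sapido firmware and not VulDB code): a framework-free request dispatcher whose vulnerable handler serves the whole configuration, plaintext password included, to any caller (CWE-306 plus CWE-200), and a hardened handler that requires a valid session and stores the administrator password only as a salted PBKDF2 hash that is never exported. The endpoint name `/config-export-PLACEHOLDER`, the config keys and the password value are constructed placeholders, not values from the affected devices.

```python
"""Added example (not Sapido firmware and not VulDB code): the CWE-306 /
CWE-200 pattern behind CVE-2025-6560 in a framework-free request dispatcher,
next to a hardened counterpart. Endpoint name, config keys and the password
are constructed placeholders."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

CONFIG_PATH = "/config-export-PLACEHOLDER"        # hypothetical endpoint name
DEMO_PASSWORD = "PLACEHOLDER-plaintext-password"  # constructed sample value


@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


# --- Vulnerable pattern: config served to anyone, secret stored in plaintext ---
VULNERABLE_CONFIG = {
    "hostname": "router-example",
    "admin_user": "admin",
    "admin_password": DEMO_PASSWORD,   # plaintext at rest and in the export
}


def vulnerable_handler(req):
    """No authentication check (CWE-306) and no redaction of secrets (CWE-200)."""
    if req.path == CONFIG_PATH:
        return Response(200, "\n".join(f"{k}={v}" for k, v in VULNERABLE_CONFIG.items()))
    return Response(404, "not found")


# --- Hardened pattern: session required, credential kept as a salted hash ---
def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


_SALT = os.urandom(16)
HARDENED_CONFIG = {
    "hostname": "router-example",
    "admin_user": "admin",
    "admin_pw_salt": _SALT.hex(),
    "admin_pw_hash": _hash_password(DEMO_PASSWORD, _SALT).hex(),
}
SECRET_KEYS = {"admin_pw_salt", "admin_pw_hash"}   # never included in an export
SESSIONS = set()                                   # valid session tokens (in-memory demo)


def login(username, password):
    """Return a session token on success, None otherwise.

    Both comparisons run in constant time and the hash is always computed,
    so a wrong username costs the same as a wrong password."""
    user_ok = hmac.compare_digest(username.encode(), HARDENED_CONFIG["admin_user"].encode())
    expected = bytes.fromhex(HARDENED_CONFIG["admin_pw_hash"])
    actual = _hash_password(password, bytes.fromhex(HARDENED_CONFIG["admin_pw_salt"]))
    pw_ok = hmac.compare_digest(expected, actual)
    if not (user_ok and pw_ok):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS.add(token)
    return token


def hardened_handler(req):
    """Require a valid session before serving config, and strip secret material."""
    if req.path != CONFIG_PATH:
        return Response(404, "not found")
    token = req.cookies.get("session")
    if token is None or token not in SESSIONS:
        return Response(401, "authentication required")   # closes CWE-306
    body = "\n".join(f"{k}={v}" for k, v in HARDENED_CONFIG.items()
                     if k not in SECRET_KEYS)              # closes CWE-200
    return Response(200, body)


if __name__ == "__main__":
    print(vulnerable_handler(Request(CONFIG_PATH)).status)   # 200, credentials leaked
    print(hardened_handler(Request(CONFIG_PATH)).status)     # 401
    tok = login("admin", DEMO_PASSWORD)
    print(hardened_handler(Request(CONFIG_PATH, {"session": tok})).body)
```

The hardened handler fixes both weaknesses independently: the session check alone would still leak the hash and salt to any logged-in user, and the redaction alone would still let anyone read hostnames and usernames, so a configuration export needs both an authentication gate and a deliberate allow-list of what it returns.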

The operational impact goes beyond credential theft to complete network compromise and persistent access to the affected environment. With the plaintext administrator credentials, an attacker can modify router configuration, redirect traffic, mount man-in-the-middle attacks, or establish backdoor access points. Because the affected models are unsupported, organizations cannot rely on vendor patches or security updates to remediate the issue, and the flaw remains a persistent threat vector for extended periods, particularly where administrators do not regularly audit or monitor router configurations. Exposed administrative credentials also enable reconnaissance: mapping network topology, identifying connected devices, and planning further attacks against internal systems. Organizations running these unsupported routers face a significant risk of data breaches, network infiltration, and compliance violations, especially in regulated environments where network segmentation and access controls are mandatory.

Because these router models are out of support, the recommended mitigation is immediate physical replacement of the affected devices. Organizations should inventory their network infrastructure to identify every affected Sapido router and prioritize its replacement. Until then, network segmentation should isolate these devices from critical systems, though this is only a temporary measure. Replacements should offer proper authentication mechanisms, regular security updates, and support for modern security protocols. Administrators should also review and rotate all administrative credentials across their infrastructure, since exposure of one set of credentials may indicate compromise of other systems that share similar credentials. Network monitoring that detects unusual traffic patterns or unauthorized access attempts adds defense in depth. The vulnerability underlines the importance of running supported network equipment and retiring end-of-life devices that can no longer receive security updates: operating unsupported equipment in production is a significant risk, and proper lifecycle management of network infrastructure is essential.
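The monitoring step above, as an added example rather than VulDB's or Sapido's tooling: a small log scanner that reads web-server access logs in Common Log Format and reports every successful (2xx) retrieval of a sensitive configuration endpoint that carried no authenticated user, marking whether the source address lies outside the LAN. The path list, the LAN ranges and the log lines are constructed for the example; an operator would substitute the device's real configuration paths and the site's own address ranges.

```python
"""Added example (not VulDB's or Sapido's tooling): flag unauthenticated,
successful requests for configuration-file endpoints in access logs, the
kind of check the mitigation text recommends while unsupported routers
await replacement. Paths, LAN ranges and log lines are constructed."""
import ipaddress
import re
from collections import Counter

# Hypothetical sensitive endpoints; replace with the device's own paths.
SENSITIVE_PATHS = {"/config-export-PLACEHOLDER"}

# Constructed LAN ranges (RFC 1918); use the site's actual address plan.
LAN_NETWORKS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample access log in Common Log Format (no real device paths).
SAMPLE_LOG = """\
192.168.1.20 - - [27/Jun/2025:10:01:02 +0000] "GET /index.htm HTTP/1.1" 200 1532
198.51.100.7 - - [27/Jun/2025:10:01:09 +0000] "GET /config-export-PLACEHOLDER HTTP/1.1" 200 4096
203.0.113.44 - - [27/Jun/2025:10:02:15 +0000] "GET /config-export-PLACEHOLDER HTTP/1.1" 401 0
192.168.1.21 - admin [27/Jun/2025:10:03:00 +0000] "GET /config-export-PLACEHOLDER HTTP/1.1" 200 4096
192.168.1.30 - - [27/Jun/2025:10:04:11 +0000] "GET /config-export-PLACEHOLDER HTTP/1.1" 200 4096
this line is not in common log format
"""

# host ident authuser [date] "method path protocol" status bytes
CLF_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ip, user, method, path, status = m.groups()
    return {"ip": ip, "user": None if user == "-" else user,
            "method": method, "path": path, "status": int(status)}


def is_external(ip):
    """True when the address is outside every configured LAN range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LAN_NETWORKS)


def find_config_exposures(log_text):
    """Return events where a sensitive path was served successfully (2xx)
    without an authenticated user. Each event is annotated with whether the
    client was external; LAN hits are kept too, since an exposure inside the
    network is still an exposure."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if (ev["path"] in SENSITIVE_PATHS
                and 200 <= ev["status"] < 300
                and ev["user"] is None):
            ev["external"] = is_external(ev["ip"])
            hits.append(ev)
    return hits


def summarize(hits):
    """Count exposure events per source address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    for h in find_config_exposures(SAMPLE_LOG):
        scope = "EXTERNAL" if h["external"] else "lan"
        print(f"{scope:8} {h['ip']:15} {h['method']} {h['path']} -> {h['status']}")
```

Only the two unauthenticated 200 responses are reported: the 401 from 203.0.113.44 shows the gate working, and the request from the `admin` user is an authorized export. On a device with this flaw, every hit from a non-LAN address should be treated as a credential exposure and trigger the credential rotation the mitigation text describes.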

Responsible

Twcert

Reservation

06/24/2025

Disclosure

06/24/2025

Moderation

accepted

CPE

ready

EPSS

0.00557

KEV

no

Activities

very low
