【Vulnerability Alert】Sercomm Technology Wireless Routers Have 2 Critical Security Vulnerabilities

* Subject: 【Vulnerability Alert】Sercomm Technology Wireless Routers Have 2 Critical Security Vulnerabilities

* Content:

• Forwarded from TWCERTCC-200-202506-00000016
• 【Sercomm Technology Wireless Router - OS Command Injection】(CVE-2025-6559, CVSS: 9.8) Multiple Sercomm Technology wireless router models have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary operating system commands and execute them on the device.
• 【Sercomm Technology Wireless Router - Exposure of Sensitive Information】(CVE-2025-6560, CVSS: 9.8) Some Sercomm Technology wireless router models have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access system configuration files and obtain administrator usernames and passwords in plaintext.

* Affected Platforms:

• BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c, BRF71n

* Suggested Measures:

• Affected models are no longer maintained, it is recommended to replace the equipment.

* References:

• Sercomm Technology Wireless Router - OS Command Injection
  • https://www.twcert.org.tw/tw/cp-132-10196-898d3-1.html
• Sercomm Technology Wireless Router
  • https://www.twcert.org.tw/tw/cp-132-10197-524ea-1.html

Computer and Communications Center
Network Systems Group Regards