CVE-2025-13798

MediumPublic PoC

Published: 01 December 2025

Published

01 December 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0023 45.2th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been…

published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by requiring validation and sanitization of the untrusted 'mac' argument in the ap_macfilter_add function of /send_order.cgi.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of the specific command injection flaw in ADSLR NBR1005GPEV2 firmware version 250814-r037c.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables vulnerability scanning to identify unpatched ADSLR NBR1005GPEV2 devices affected by this publicly exploited CVE.

Security SummaryAI

CVE-2025-13798 is a command injection vulnerability in the ADSLR NBR1005GPEV2 device running firmware version 250814-r037c. The flaw resides in the ap_macfilter_add function within the /send_order.cgi script, where manipulation of the "mac" argument enables attackers to inject arbitrary commands. This issue corresponds to CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability can be exploited remotely by an authenticated attacker with low privileges over the network, requiring no user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling arbitrary command execution on the device.

Advisories from VulDB indicate that a public exploit is available and may be actively used, but the vendor was notified early without any response or patch release. References include VulDB entries (ctiid.333809, id.333809, submit.691841) and Notion pages detailing the report.

An exploit for this vulnerability has been published, increasing the risk of real-world exploitation on unpatched ADSLR NBR1005GPEV2 devices.

Details

CWE(s): CWE-74 CWE-77

Affected Products

adslr

b-qe2w401 firmware

≤ 250814-r037c

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in web CGI script (/send_order.cgi) on network device enables exploitation of public-facing application (T1190) for arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://vuldb.com/?ctiid.333809
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333809
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.691841
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26
Exploit, Third Party Advisory · cna@vuldb.com
https://www.notion.so/Report-8-2a60c75766a8805a8973d2ff6a6bcb26
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0