CVE-2025-13799

MediumPublic PoC

Published: 01 December 2025

Published

01 December 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0018 39.4th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has…

been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by requiring validation and error handling of the untrusted 'mac' argument in the /send_order.cgi function.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of the command injection flaw in the ADSLR NBR1005GPEV2 firmware despite vendor non-response.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables vulnerability scanning to identify the publicly disclosed command injection vulnerability (CVE-2025-13799) for subsequent remediation.

Security SummaryAI

CVE-2025-13799 is a command injection vulnerability affecting the ADSLR NBR1005GPEV2 device on firmware version 250814-r037c. The flaw exists in the ap_macfilter_del function within the /send_order.cgi file, where manipulation of the mac argument enables command injection. Published on 2025-12-01, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-74 and CWE-77.

The vulnerability allows remote exploitation by attackers possessing low privileges. Upon successful exploitation, adversaries can achieve limited impacts on confidentiality, integrity, and availability, potentially executing arbitrary commands on the affected device.

Advisories note that the vendor was contacted early about the disclosure but provided no response, with no patches or official mitigations available. The exploit has been publicly disclosed via VulDB and may be actively used by attackers.

Details

CWE(s): CWE-74 CWE-77

Affected Products

adslr

b-qe2w401 firmware

≤ 250814-r037c

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in public-facing CGI script (/send_order.cgi) on network device firmware directly enables exploitation of public-facing applications (T1190) and execution of commands via network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://vuldb.com/?ctiid.333810
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333810
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.691842
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d
Exploit, Third Party Advisory · cna@vuldb.com