CVE-2025-13797
Published: 01 December 2025
Summary
CVE-2025-13797 is a low-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 46.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability has been identified in the ADSLR B-QE2W401 firmware version 250814-r037c. The issue resides in the parameterdel_swifimac function within the /send_order.cgi file, where improper handling of the del_swifimac argument enables command injection. The flaw is tracked under CWE-74 and CWE-77, carries a CVSS 4.0 score of 2.1, and can be triggered remotely without user interaction.
An authenticated remote attacker can supply crafted input to the affected parameter and execute arbitrary commands on the device. Successful exploitation yields limited impacts to confidentiality, integrity, and availability on the target system. The vendor did not respond to early disclosure notification, and a public exploit is now available.
EPSS probability for this CVE rose from a low baseline to a peak of 0.0143 on 2025-12-11 before receding to the current value of 0.0030, indicating a temporary increase in observed exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199944
Vulnerability details
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in the web CGI script (/send_order.cgi) allows remote unauthenticated arbitrary command execution, enabling exploitation of a public-facing application (T1190), Unix Shell execution (T1059.004), and indirect command execution (T1202), as noted in the advisory.
Mitigating Controls (NIST 800-53 r5)
Directly prevents command injection by validating and sanitizing the del_swifimac parameter in the /send_order.cgi file against malicious inputs.
Requires timely identification, reporting, and correction of the specific command injection flaw in the ADSLR B-QE2W401 250814-r037c firmware.
Monitors and controls remote network traffic to the vulnerable /send_order.cgi endpoint, enabling web application firewall rules to block command injection payloads.