Cyber Resilience

CVE-2025-13798

LowPublic PoC

Published: 01 December 2025

Published
01 December 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0030 54.0th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13798 is a low-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

A flaw has been identified in the ADSLR NBR1005GPEV2 firmware version 250814-r037c, specifically in the ap_macfilter_add function within the /send_order.cgi endpoint. The issue stems from improper handling of the mac argument, enabling command injection as classified under CWE-74 and CWE-77. The vulnerability is remotely reachable and carries a CVSS 4.0 score of 2.1, reflecting limited impact on confidentiality, integrity, and availability when exploited by an authenticated user.

An attacker with low privileges can supply a crafted mac parameter over the network to execute arbitrary commands on the device. Public exploit code has been released, lowering the barrier for potential misuse, though the vendor was notified prior to disclosure and provided no response or remediation.

The associated references consist of Vuldb entries and a Notion report documenting the finding, with no official patches or mitigation guidance available due to the lack of vendor engagement. The EPSS score rose from a low baseline to a peak of 0.0143 on 2025-12-11 before receding, indicating a temporary increase in exploitation interest following public disclosure.

EU & UK References

Vulnerability details

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been…

more

published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Command injection vulnerability in web CGI script (/send_order.cgi) on network device enables exploitation of public-facing application (T1190) for arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13797Same product: Adslr B-Qe2W401
CVE-2025-13800Same product: Adslr B-Qe2W401
CVE-2025-13799Same product: Adslr B-Qe2W401
CVE-2026-2194Shared CWE-74, CWE-77
CVE-2026-2218Shared CWE-74, CWE-77
CVE-2026-5103Shared CWE-74, CWE-77
CVE-2026-4203Shared CWE-74, CWE-77
CVE-2026-2135Shared CWE-74, CWE-77
CVE-2026-3661Shared CWE-74, CWE-77
CVE-2026-2615Shared CWE-74, CWE-77

Affected Assets

adslr
b-qe2w401 firmware
≤ 250814-r037c

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents command injection by requiring validation and sanitization of the untrusted 'mac' argument in the ap_macfilter_add function of /send_order.cgi.

prevent

Mandates timely identification, reporting, and correction of the specific command injection flaw in ADSLR NBR1005GPEV2 firmware version 250814-r037c.

detect

Enables vulnerability scanning to identify unpatched ADSLR NBR1005GPEV2 devices affected by this publicly exploited CVE.

References