CVE-2025-13798

MediumPublic PoCUpdated

Published: 01 December 2025

Published

01 December 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0030 53.7th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13798 is a medium-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 46.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by requiring validation and sanitization of the untrusted 'mac' argument in the ap_macfilter_add function of /send_order.cgi.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of the specific command injection flaw in ADSLR NBR1005GPEV2 firmware version 250814-r037c.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Enables vulnerability scanning to identify unpatched ADSLR NBR1005GPEV2 devices affected by this publicly exploited CVE.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in web CGI script (/send_order.cgi) on network device enables exploitation of public-facing application (T1190) for arbitrary Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been…

published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-13798 is a command injection vulnerability in the ADSLR NBR1005GPEV2 device running firmware version 250814-r037c. The flaw resides in the ap_macfilter_add function within the /send_order.cgi script, where manipulation of the "mac" argument enables attackers to inject arbitrary commands. This issue corresponds to CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

The vulnerability can be exploited remotely by an authenticated attacker with low privileges over the network, requiring no user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling arbitrary command execution on the device.

Advisories from VulDB indicate that a public exploit is available and may be actively used, but the vendor was notified early without any response or patch release. References include VulDB entries (ctiid.333809, id.333809, submit.691841) and Notion pages detailing the report.

An exploit for this vulnerability has been published, increasing the risk of real-world exploitation on unpatched ADSLR NBR1005GPEV2 devices.

Details

CWE(s): CWE-74 CWE-77

Affected Products

adslr

b-qe2w401 firmware

≤ 250814-r037c

CVEs Like This One

CVE-2025-13800Same product: Adslr B-Qe2W401

CVE-2025-13797Same product: Adslr B-Qe2W401

CVE-2025-13799Same product: Adslr B-Qe2W401

CVE-2026-4203Shared CWE-74, CWE-77

CVE-2026-1419Shared CWE-74, CWE-77

CVE-2026-1327Shared CWE-74, CWE-77

CVE-2026-1802Shared CWE-74, CWE-77

CVE-2025-10629Shared CWE-74, CWE-77

CVE-2026-4207Shared CWE-74, CWE-77

CVE-2026-6987Shared CWE-74, CWE-77

References

https://vuldb.com/?ctiid.333809
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333809
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.691841
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26
Exploit, Third Party Advisory · cna@vuldb.com
https://www.notion.so/Report-8-2a60c75766a8805a8973d2ff6a6bcb26
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0