Cyber Resilience

CVE-2025-13799

Low · Public PoC

Published: 01 December 2025

Modified: 29 April 2026
CVSS Score v4: 2.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0027 (50.4th percentile)
Risk Priority: 4 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-13799 is a low-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 49.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A command injection vulnerability exists in the ADSLR NBR1005GPEV2 firmware version 250814-r037c, specifically in the ap_macfilter_del function of the /send_order.cgi endpoint. The flaw arises from improper handling of the mac argument, which can be manipulated to execute arbitrary commands. The issue is tracked under CWE-74 and CWE-77 and carries a low CVSS 4.0 score of 2.1, reflecting that it requires an authenticated remote attacker.

An authenticated attacker with network access can supply a crafted mac parameter to the affected CGI script and achieve command execution on the device. Public exploit code has been released, enabling potential remote compromise of the router without vendor interaction.

The vendor was notified prior to disclosure but provided no response or patch. Public references consist primarily of vulnerability database entries that document the issue and the submitted proof-of-concept.

EPSS for the CVE rose from a low baseline to a peak of 0.0141 on 2025-12-11 before receding to the current value of 0.0027, indicating a temporary increase in exploitation interest after public disclosure.


Vulnerability details

A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

A command injection vulnerability in a public-facing CGI script (/send_order.cgi) on network device firmware directly enables exploitation of public-facing applications (T1190) and execution of commands via the network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-13798 · Same product: Adslr B-Qe2W401
CVE-2025-13797 · Same product: Adslr B-Qe2W401
CVE-2025-13800 · Same product: Adslr B-Qe2W401
CVE-2025-9584 · Shared CWE-74, CWE-77
CVE-2026-0732 · Shared CWE-74, CWE-77
CVE-2026-2530 · Shared CWE-74, CWE-77
CVE-2026-1689 · Shared CWE-74, CWE-77
CVE-2026-6989 · Shared CWE-74, CWE-77
CVE-2026-3704 · Shared CWE-74, CWE-77
CVE-2026-1125 · Shared CWE-74, CWE-77

Affected Assets

adslr · b-qe2w401 firmware · ≤ 250814-r037c

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly prevents command injection by requiring validation and error handling of the untrusted 'mac' argument in the /send_order.cgi function.

Prevent: Mandates timely identification, reporting, and correction of the command injection flaw in the ADSLR NBR1005GPEV2 firmware despite vendor non-response.

Detect: Enables vulnerability scanning to identify the publicly disclosed command injection vulnerability (CVE-2025-13799) for subsequent remediation.
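
One way to implement the input validation control described above for the mac argument, as an added example that is not code from the vendor firmware or from this page: a strict allowlist check that also normalizes the value, plus an argument vector so the value is never interpreted by a shell. The function names, the accepted separator styles and the helper path are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

#define MAC_STR_LEN 17 /* "aa:bb:cc:dd:ee:ff" */

/* Allowlist check for a MAC address field: exactly six hex pairs joined by
 * one separator style (':' or '-'), nothing before or after. The length is
 * passed explicitly so a decoded NUL byte cannot hide trailing data.
 * Returns 1 and writes the lower-case colon form to out; returns 0 on
 * rejection (out is then unspecified and must not be used). */
int mac_normalize(const char *in, size_t in_len, char out[MAC_STR_LEN + 1])
{
    if (in == NULL || in_len != MAC_STR_LEN)
        return 0;
    char sep = in[2];
    if (sep != ':' && sep != '-')
        return 0;
    for (size_t i = 0; i < MAC_STR_LEN; i++) {
        unsigned char c = (unsigned char)in[i];
        if (i % 3 == 2) {               /* separator positions 2, 5, 8, ... */
            if (c != (unsigned char)sep)
                return 0;
            out[i] = ':';
        } else {                        /* hex digit positions */
            if (!isxdigit(c))
                return 0;
            out[i] = (char)tolower(c);
        }
    }
    out[MAC_STR_LEN] = '\0';
    return 1;
}

/* Builds an argument vector for execv() so the validated value travels as a
 * single argument and is never parsed as shell text. The helper path is a
 * placeholder (assumption), not a path from the firmware. */
int build_del_argv(const char *mac, size_t len, const char *argv[4],
                   char buf[MAC_STR_LEN + 1])
{
    if (!mac_normalize(mac, len, buf))
        return -1;
    argv[0] = "/path/to/macfilter-helper";
    argv[1] = "del";
    argv[2] = buf;
    argv[3] = NULL;
    return 0;
}
```

The caller passes the decoded field together with its decoded length, and rejects the request with an error when either function fails.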
