CVE-2025-13799
Published: 01 December 2025
Summary
CVE-2025-13799 is a low-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 2.1 (Low).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.6% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A command injection vulnerability exists in the ADSLR NBR1005GPEV2 firmware version 250814-r037c, specifically in the ap_macfilter_del function of the /send_order.cgi endpoint. The flaw arises from improper handling of the mac argument, which can be manipulated to execute arbitrary commands. The issue is tracked under CWE-74 and CWE-77 and carries a low CVSS 4.0 score of 2.1, reflecting that it requires an authenticated remote attacker.
An authenticated attacker with network access to the device's web management interface can supply a crafted mac parameter to the affected CGI script and obtain command execution on the router. Treat the 2.1 score as a statement about the privileges required, not about impact: a successful injection runs attacker-chosen commands on the device itself. Public exploit code has been released, and no vendor patch is available.
The vendor was notified prior to disclosure but provided no response or patch, so there is no fix to apply. Until one exists, the practical mitigations are to keep the web management interface unreachable from untrusted networks (including the WAN side) and to limit and rotate the administrative credentials the attack requires. Public references consist primarily of vulnerability database entries that document the issue and the submitted proof-of-concept.
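The pattern behind this class of bug and the SI-10 fix, as an added example in C that is not code from the ADSLR firmware: the unsafe handler interpolates the request's mac argument into a shell command line, while the hardened handler accepts only a canonical MAC and passes it to the tool as a separate argv element so no shell ever parses it. The function names, the iptables command line and the sample payload are assumptions made for illustration.

```c
/* Added example (not vendor firmware code). Function names, the iptables
 * command and the payload below are illustrative assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* UNSAFE: interpolates the request's "mac" argument straight into a shell
 * command line. A value such as "00:11:22:33:44:55;id" becomes two commands
 * once system() runs it. Only builds the string (never executes it) so the
 * result can be inspected. Returns 0 on success, -1 if truncated. */
int build_delete_cmd_unsafe(const char *mac, char *out, size_t outsz)
{
    int n = snprintf(out, outsz,
                     "iptables -D INPUT -m mac --mac-source %s -j DROP", mac);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Allow-list check (SI-10): exactly "XX:XX:XX:XX:XX:XX" with hex digits.
 * Writes the lower-cased canonical form to out (18 bytes incl. NUL).
 * Returns 1 if valid, 0 otherwise. */
int mac_canonical(const char *in, char out[18])
{
    if (in == NULL || strlen(in) != 17)
        return 0;
    for (int i = 0; i < 17; i++) {
        unsigned char c = (unsigned char)in[i];
        if (i % 3 == 2) {               /* separator positions 2,5,8,11,14 */
            if (c != ':') return 0;
            out[i] = ':';
        } else {
            if (!isxdigit(c)) return 0;
            out[i] = (char)tolower(c);
        }
    }
    out[17] = '\0';
    return 1;
}

/* SAFE: validate first, then build an argv vector suitable for execv().
 * No shell is involved, so metacharacters carry no meaning, and the value
 * is additionally constrained to a MAC. Returns argc on success, -1 if the
 * input was rejected. av must have room for 8 pointers. */
int build_delete_argv(const char *mac, char macbuf[18], const char *av[8])
{
    if (!mac_canonical(mac, macbuf))
        return -1;
    const char *fixed[] = {"/usr/sbin/iptables", "-D", "INPUT",
                           "-m", "mac", "--mac-source"};
    int argc = 0;
    for (size_t i = 0; i < sizeof fixed / sizeof fixed[0]; i++)
        av[argc++] = fixed[i];
    av[argc++] = macbuf;
    av[argc] = NULL;                    /* execv() needs a NULL terminator */
    return argc;
}

int main(void)
{
    char cmd[256], canon[18];
    const char *av[8];
    const char *payload = "00:11:22:33:44:55;reboot";   /* constructed sample */

    build_delete_cmd_unsafe(payload, cmd, sizeof cmd);
    printf("unsafe command line: %s\n", cmd);

    if (build_delete_argv(payload, canon, av) < 0)
        printf("hardened handler rejected: %s\n", payload);
    if (build_delete_argv("00:AA:BB:CC:DD:EE", canon, av) > 0)
        printf("hardened handler accepted: %s\n", canon);
    return 0;
}
```

The decisive change is the allow-list: once the value can only be seventeen characters of hex digits and colons, there is nothing left for a shell to interpret. Invoking the tool through argv rather than system() removes the shell from the path entirely and is the second layer, useful because the next CGI parameter may not have a format as tight as a MAC address.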
EPSS for the CVE rose from a low baseline to a peak of 0.0141 on 2025-12-11 before receding to the current value of 0.0027, indicating a temporary increase in exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199941
Vulnerability details
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s): CWE-74 (Injection), CWE-77 (Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection sits in a CGI script (/send_order.cgi) exposed by the device's web interface, so it is reached by exploiting a public-facing application (T1190), and the injected payload is executed through the network device's command interpreter (T1059.008, Network Device CLI).
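A detection angle on the T1190 mapping, as an added C example that is not code from the page or the vendor: it scans web-server access-log lines for requests to /send_order.cgi whose percent-decoded query values contain shell metacharacters, which catches injection attempts against any parameter of that script rather than only mac. The log format, the sample lines and the assumption that the mac argument arrives in the query string are constructed for illustration; a value sent in a POST body would have to come from a different log source.

```c
/* Added detection example (not from the page or vendor). The log format and
 * the sample lines are constructed; the query-string assumption is illustrative. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decodes in[0..len) into out; '+' becomes a space. Returns the
 * decoded length, or -1 if out is too small or an escape is malformed. */
int url_decode(const char *in, size_t len, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        if (o + 1 >= outsz) return -1;
        if (in[i] == '%') {
            if (i + 2 >= len) return -1;            /* truncated %XX */
            int hi = hexval(in[i + 1]), lo = hexval(in[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else if (in[i] == '+') {
            out[o++] = ' ';
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Returns the first shell metacharacter found in s, or 0 if there is none. */
int first_shell_meta(const char *s)
{
    static const char meta[] = ";|&`$\n<>";
    for (; *s; s++)
        if (strchr(meta, *s)) return (unsigned char)*s;
    return 0;
}

/* Scans one access-log line. Returns 1 and copies the offending parameter
 * name into param if a /send_order.cgi request carries a decoded query value
 * containing a shell metacharacter; 0 if clean or not that script; -1 if the
 * query could not be decoded (itself worth a look). */
int flag_send_order_request(const char *line, char *param, size_t paramsz)
{
    const char *p = strstr(line, "/send_order.cgi?");
    if (!p) return 0;
    p += strlen("/send_order.cgi?");
    const char *end = strpbrk(p, " \"");   /* query ends at " HTTP/1.x" or the quote */
    if (!end) end = p + strlen(p);
    while (p < end) {
        const char *amp = memchr(p, '&', (size_t)(end - p));
        const char *pend = amp ? amp : end;
        const char *eq = memchr(p, '=', (size_t)(pend - p));
        const char *vstart = eq ? eq + 1 : pend;
        size_t nlen = (size_t)((eq ? eq : pend) - p);
        char value[512];
        if (url_decode(vstart, (size_t)(pend - vstart), value, sizeof value) < 0)
            return -1;
        if (first_shell_meta(value)) {
            if (nlen >= paramsz) nlen = paramsz - 1;
            memcpy(param, p, nlen);
            param[nlen] = '\0';
            return 1;
        }
        p = amp ? amp + 1 : end;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines in combined-log style. */
    const char *lines[] = {
        "192.0.2.10 - admin [11/Dec/2025:10:01:02 +0000] \"GET /send_order.cgi?mac=00:11:22:33:44:55 HTTP/1.1\" 200 42",
        "192.0.2.77 - admin [11/Dec/2025:10:01:09 +0000] \"GET /send_order.cgi?mac=00:11:22:33:44:55%3Breboot HTTP/1.1\" 200 42",
        "192.0.2.5 - - [11/Dec/2025:10:03:00 +0000] \"GET /index.html HTTP/1.1\" 200 1024",
    };
    char param[64];
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int r = flag_send_order_request(lines[i], param, sizeof param);
        if (r == 1) printf("ALERT metacharacter in '%s': %s\n", param, lines[i]);
        else if (r < 0) printf("WARN undecodable query: %s\n", lines[i]);
    }
    return 0;
}
```

Decoding before matching matters: the second sample line carries the semicolon as %3B, which a naive grep for ";" on the raw log would miss. Because the check keys on metacharacters rather than on the mac format, it also flags attempts that target other parameters of the same script.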
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly prevents the command injection by requiring validation and error handling of the untrusted mac argument before /send_order.cgi acts on it.
- SI-2 (Flaw Remediation): mandates timely identification, reporting and correction of the command injection flaw in the ADSLR NBR1005GPEV2 firmware; with no vendor response, this falls to compensating controls such as restricting access to the web management interface.
- Vulnerability scanning: enables scanning to identify devices exposed to the publicly disclosed command injection vulnerability (CVE-2025-13799) for subsequent remediation.