CVE-2025-13799

MediumPublic PoCUpdated

Published: 01 December 2025

Published

01 December 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0027 50.1th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13799 is a medium-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents command injection by requiring validation and error handling of the untrusted 'mac' argument in the /send_order.cgi function.

SI-2 Flaw Remediation good match

prevent

Mandates timely identification, reporting, and correction of the command injection flaw in the ADSLR NBR1005GPEV2 firmware despite vendor non-response.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables vulnerability scanning to identify the publicly disclosed command injection vulnerability (CVE-2025-13799) for subsequent remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in public-facing CGI script (/send_order.cgi) on network device firmware directly enables exploitation of public-facing applications (T1190) and execution of commands via network device CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has…

been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-13799 is a command injection vulnerability affecting the ADSLR NBR1005GPEV2 device on firmware version 250814-r037c. The flaw exists in the ap_macfilter_del function within the /send_order.cgi file, where manipulation of the mac argument enables command injection. Published on 2025-12-01, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and is linked to CWE-74 and CWE-77.

The vulnerability allows remote exploitation by attackers possessing low privileges. Upon successful exploitation, adversaries can achieve limited impacts on confidentiality, integrity, and availability, potentially executing arbitrary commands on the affected device.

Advisories note that the vendor was contacted early about the disclosure but provided no response, with no patches or official mitigations available. The exploit has been publicly disclosed via VulDB and may be actively used by attackers.

Details

CWE(s): CWE-74 CWE-77

Affected Products

adslr

b-qe2w401 firmware

≤ 250814-r037c

CVEs Like This One

CVE-2025-13798Same product: Adslr B-Qe2W401

CVE-2025-13800Same product: Adslr B-Qe2W401

CVE-2025-13797Same product: Adslr B-Qe2W401

CVE-2026-5178Shared CWE-74, CWE-77

CVE-2026-2527Shared CWE-74, CWE-77

CVE-2026-1638Shared CWE-74, CWE-77

CVE-2026-2163Shared CWE-74, CWE-77

CVE-2026-2526Shared CWE-74, CWE-77

CVE-2026-3704Shared CWE-74, CWE-77

CVE-2025-8937Shared CWE-74, CWE-77

References

https://vuldb.com/?ctiid.333810
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.333810
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.691842
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d
Exploit, Third Party Advisory · cna@vuldb.com