Cyber Resilience

CVE-2025-13800

LowPublic PoC

Published: 01 December 2025

Published
01 December 2025
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 2.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0027 50.4th percentile
Risk Priority 4 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13800 is a low-severity Injection (CWE-74) vulnerability in Adslr B-Qe2W401 Firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 49.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a command injection flaw in the ADSLR NBR1005GPEV2 firmware version 250814-r037c. It resides in the set_mesh_disconnect function of the /send_order.cgi endpoint, where unsanitized input to the mac argument is passed to an operating system command. The issue is tracked under CWE-74 and CWE-77 and carries a CVSS 4.0 score of 2.1.

An authenticated remote attacker can supply a crafted mac value to execute arbitrary commands on the device. Because the attack requires only low privileges and no user interaction, an adversary who has obtained valid credentials or who already controls a low-privileged account can achieve limited code execution, data modification, or service disruption on the affected router.

Public references on Vuldb document the disclosure timeline and note that the vendor was contacted prior to publication but provided no response or patch. No official mitigation guidance or firmware update has been issued.

The exploit code has been released publicly. The associated EPSS score rose from a baseline near 0.0027 to a peak of 0.0141 on 11 December 2025 before receding, indicating a measurable but short-lived increase in exploitation interest after the CVE became public.

EU & UK References

Vulnerability details

A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been…

more

made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1202 Indirect Command Execution Stealth
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
Why these techniques?

The command injection vulnerability (CWE-77) in the web CGI script (/send_order.cgi) enables remote exploitation of a public-facing application (T1190), leading to arbitrary Unix shell command execution (T1059.004) via indirect command execution (T1202).

CVEs Like This One

CVE-2025-13797Same product: Adslr B-Qe2W401
CVE-2025-13798Same product: Adslr B-Qe2W401
CVE-2025-13799Same product: Adslr B-Qe2W401
CVE-2025-7932Shared CWE-74, CWE-77
CVE-2025-9583Shared CWE-74, CWE-77
CVE-2025-9581Shared CWE-74, CWE-77
CVE-2025-14705Shared CWE-74, CWE-77
CVE-2025-10324Shared CWE-74, CWE-77
CVE-2025-12916Shared CWE-74, CWE-77
CVE-2025-7613Shared CWE-74, CWE-77

Affected Assets

adslr
b-qe2w401 firmware
≤ 250814-r037c

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates information input validation and error handling at interfaces, directly preventing command injection via the unvalidated 'mac' argument in /send_order.cgi.

prevent

SI-2 requires timely flaw remediation, addressing the unpatched command injection vulnerability in the ADSLR NBR1005GPEV2 firmware.

prevent

AC-6 enforces least privilege, limiting low-privilege (PR:L) access to the vulnerable set_mesh_disconnect function and reducing exploitation potential.

References