CVE-2025-13797 is a command injection vulnerability identified in the ADSLR B-QE2W401 device, firmware version 250814-r037c. The vulnerability resides in the /send_order.cgi endpoint, specifically in the handling of the 'del_swifimac' parameter. An attacker can remotely manipulate this parameter to inject and execute arbitrary system commands on the device without requiring authentication or user interaction. This type of vulnerability is critical because it allows attackers to gain unauthorized control over the device, potentially leading to data leakage, device manipulation, or denial of service. The vulnerability is exploitable over the network, increasing the attack surface. Despite early notification, the vendor has not issued any patches or advisories, and a public exploit is available, increasing the likelihood of exploitation. The CVSS 4.0 base score is 5.3 (medium), reflecting the moderate impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction needed. The lack of vendor response and public exploit availability make this a significant risk for affected users. The device is likely used in network infrastructure or telecommunications, making exploitation potentially impactful for organizations relying on these devices for connectivity and network management.

For European organizations, exploitation of CVE-2025-13797 could result in unauthorized remote command execution on ADSLR B-QE2W401 devices, leading to partial or full compromise of the device. This could disrupt network operations, cause data breaches, or enable attackers to pivot within internal networks. Organizations relying on these devices for critical communications or network management may experience degraded service availability or integrity issues. The vulnerability's remote and unauthenticated nature increases the risk of widespread exploitation, especially in environments with exposed management interfaces. Given the vendor's lack of response, affected organizations may face prolonged exposure. This could impact sectors such as telecommunications providers, ISPs, and enterprises using ADSLR devices in their infrastructure. The potential for attackers to execute arbitrary commands also raises concerns about persistent backdoors or lateral movement within networks, increasing the overall threat to European digital infrastructure.

Since no official patch or vendor response is available, European organizations should implement the following mitigations: 1) Immediately restrict network access to the /send_order.cgi endpoint by applying firewall rules or network segmentation to limit exposure to trusted management networks only. 2) Disable or restrict remote management interfaces on ADSLR B-QE2W401 devices where possible to reduce attack surface. 3) Monitor network traffic and device logs for unusual activity related to the del_swifimac parameter or unexpected command executions. 4) Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting command injection attempts on CGI endpoints. 5) Consider replacing or upgrading affected devices with alternatives from vendors that provide timely security updates. 6) Conduct regular security assessments and penetration testing focused on network devices to detect similar vulnerabilities. 7) Maintain an inventory of all ADSLR devices and their firmware versions to identify and prioritize remediation efforts. 8) Engage with the vendor for updates and monitor security advisories for any future patches or mitigations.