CVE-2025-13797 identifies a command injection vulnerability in the ADSLR B-QE2W401 device firmware version 250814-r037c. The vulnerability resides in the /send_order.cgi web interface, specifically in the handling of the del_swifimac parameter. Improper input validation allows an attacker to inject arbitrary shell commands remotely without requiring authentication or user interaction. This flaw enables attackers to execute commands with the privileges of the web server process, potentially leading to full device compromise. The vendor was informed prior to public disclosure but has not issued any patch or mitigation guidance. The vulnerability has a CVSS 4.0 base score of 5.3, indicating medium severity, with an attack vector of network (remote), low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. Although no known exploits in the wild have been reported yet, public exploit code availability increases the likelihood of active exploitation. The device is typically used in broadband or network access roles, making it a valuable target for attackers seeking to disrupt or control network infrastructure. The lack of vendor response and patch availability increases the urgency for organizations to implement compensating controls and monitor for exploitation attempts.

For European organizations, exploitation of this vulnerability could lead to unauthorized remote command execution on ADSLR B-QE2W401 devices, potentially resulting in data breaches, network disruptions, or device takeover. Given the device's role in network access or broadband infrastructure, attackers could leverage compromised devices to pivot into internal networks, intercept or manipulate traffic, or launch further attacks. This could impact confidentiality by exposing sensitive data, integrity by altering device configurations or data flows, and availability by causing device outages or denial of service. Critical infrastructure providers, ISPs, and enterprises relying on these devices for connectivity could face operational interruptions and reputational damage. The public availability of exploit code increases the risk of opportunistic attacks, especially in environments lacking robust network segmentation or monitoring. The absence of vendor patches means organizations must rely on detection and mitigation strategies to reduce exposure.

Since no official patch or vendor guidance is available, European organizations should implement the following specific mitigations: 1) Immediately isolate ADSLR B-QE2W401 devices from untrusted networks or restrict access to the /send_order.cgi interface using network segmentation and firewall rules. 2) Disable or restrict access to the vulnerable del_swifimac functionality if configurable. 3) Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect command injection attempts targeting /send_order.cgi. 4) Monitor device logs and network traffic for unusual command execution patterns or unauthorized access attempts. 5) Where possible, replace or upgrade affected devices to models or firmware versions not impacted by this vulnerability. 6) Implement strict access controls and network authentication to limit exposure. 7) Conduct regular security assessments and penetration tests focusing on network devices to identify exploitation attempts. 8) Maintain an incident response plan tailored to network device compromise scenarios. These measures go beyond generic advice by focusing on network-level controls, monitoring, and operational practices specific to the affected device and vulnerability.