CVE-2025-13798: Command Injection in ADSLR NBR1005GPEV2
A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. It affects the function ap_macfilter_add of the file /send_order.cgi. Manipulation of the argument mac can lead to command injection. The attack may be launched remotely. An exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13798 is a command injection vulnerability in the ADSLR NBR1005GPEV2 router, firmware version 250814-r037c. It resides in the ap_macfilter_add function of the /send_order.cgi endpoint, which takes a 'mac' parameter (presumably the MAC address to be added to an access-point MAC filter). The value is not validated before use, so an attacker who can reach the web interface can embed shell metacharacters in it and have the device run arbitrary OS commands with the privileges of the CGI handler, which on embedded routers is usually root. The attack is carried out over the network and needs no user interaction; the advisory does not say whether a valid session is required, and the CVSS 4.0 score of 5.3 (medium) indicates that the assessors did not rate it as an unconstrained, unauthenticated remote code execution. Even so, command execution on the gateway lets an attacker alter the configuration, intercept or redirect traffic, and pivot into the internal network. The vendor was contacted early in the disclosure process and did not respond, no patch is available, and exploit code has been published, which raises the likelihood of opportunistic exploitation. Only firmware 250814-r037c was assessed; other builds have not been confirmed as affected or unaffected. With no vendor fix, users and network administrators have to rely on compensating controls.
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly for small and medium enterprises (SMEs) and home office environments relying on the ADSLR NBR1005GPEV2 router. Successful exploitation can lead to unauthorized command execution, resulting in device compromise, network traffic interception, and potential lateral movement within corporate networks. This can compromise sensitive data confidentiality and integrity and disrupt network availability. Given the router's role as a network gateway, attackers could establish persistent access or launch further attacks against internal systems. The public availability of exploit code increases the likelihood of opportunistic attacks. Organizations lacking network segmentation or monitoring are especially vulnerable. The absence of a vendor patch prolongs exposure, necessitating reliance on compensating controls. The impact is amplified in sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government entities within Europe.
Mitigation Recommendations
Since no official patch is available, organizations running the affected device should apply the following compensating controls:
- Disable WAN-side (remote) management so that /send_order.cgi is not reachable from the internet; exploitation then requires a foothold on the LAN or Wi-Fi.
- Restrict access to the management interface with firewall rules or access control lists so that only trusted internal administrator addresses can reach it. Anyone on the LAN who can still reach the web interface can still attempt the attack.
- Segment the network so that the router's management plane is isolated from critical internal systems, limiting lateral movement after a compromise.
- Monitor the web interface's access logs where the device exposes them, and otherwise the traffic in front of it, for requests to /send_order.cgi whose mac parameter contains anything other than a well-formed MAC address. URL-encoded shell metacharacters (%3B for ';', %7C for '|', %24( for '$(', backticks) are the usual tells.
- Deploy IDS/IPS signatures for command injection attempts against /send_order.cgi and similar CGI endpoints on the device.
- Watch for anomalous outbound connections originating from the router itself (new DNS resolvers, sessions to unfamiliar hosts, reverse-shell-like traffic), which are the typical post-exploitation signs.
- Replace the device, or move to a model with vendor-supported firmware and security updates, as soon as feasible; this is the only real fix.
- Brief IT staff on the issue and make sure incident response plans cover a compromised gateway, including a reset to known-good firmware and reconfiguration from scratch.
These measures shrink the attack surface and improve detection until the devices are replaced or a vendor patch appears.
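As an added example (not code from the page, the vendor, or the published exploit), the Python below covers both the technical summary and the detection recommendation above: the vulnerable string-concatenation pattern that command injection in a CGI handler depends on, beside a hardened form that allowlists the mac value and passes it as an argv element so no shell ever parses it, and a scanner that flags requests to /send_order.cgi whose mac parameter is not a well-formed MAC address. The 'macfilter' command name, the GET-with-query request shape and the access-log lines are constructed assumptions; the advisory does not name the binary the real handler invokes or say whether the parameter arrives by GET or POST.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Allowlist for one colon-separated IEEE 802 MAC address (e.g. 00:11:22:33:44:55).
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

# Characters that change the meaning of a string once it reaches /bin/sh.
SHELL_META = set(";|&`$()<>\n\r'\"\\ ")


def is_valid_mac(value: str) -> bool:
    """True only for a syntactically well-formed MAC address."""
    return MAC_RE.match(value) is not None


def build_command_vulnerable(mac: str) -> str:
    """Vulnerable pattern: the untrusted 'mac' value is concatenated into a
    shell string that would later be handed to system(). 'macfilter' is a
    placeholder; the advisory does not name the command the real handler runs."""
    return f"macfilter add {mac}"


def build_command_hardened(mac: str) -> List[str]:
    """Hardened form: allowlist the value, then build an argv list so that no
    shell ever parses it. Rejects bad input instead of executing it."""
    if not is_valid_mac(mac):
        raise ValueError(f"rejected mac parameter: {mac!r}")
    return ["macfilter", "add", mac.lower()]


# Apache/nginx combined-style access log line (assumed format).
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def inspect_target(target: str) -> Optional[Dict]:
    """URL-decode a request target; report only on /send_order.cgi."""
    parts = urlsplit(target)
    if parts.path != "/send_order.cgi":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("mac", [])
    malformed = [v for v in values if not is_valid_mac(v)]
    return {
        "mac": values,
        "malformed": malformed,
        "shell_meta": [v for v in malformed if SHELL_META & set(v)],
    }


def scan_log(text: str) -> List[Dict]:
    """One finding per request whose mac parameter is not a MAC address."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        info = inspect_target(m.group("target"))
        if info and info["malformed"]:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "payload": info["malformed"],
                "shell_meta": bool(info["shell_meta"]),
            })
    return findings


# Constructed sample access log (not real traffic): one legitimate call,
# one ';'-chained command, one $( ) substitution, one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Dec/2025:01:00:28 +0000] "GET /send_order.cgi?mac=00:11:22:33:44:55 HTTP/1.1" 200 17
203.0.113.9 - - [08/Dec/2025:01:00:31 +0000] "GET /send_order.cgi?mac=00:11:22:33:44:55%3Breboot HTTP/1.1" 200 17
203.0.113.9 - - [08/Dec/2025:01:00:35 +0000] "GET /send_order.cgi?mac=%24(id)%3E/tmp/o HTTP/1.1" 200 17
198.51.100.4 - - [08/Dec/2025:01:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    print("vulnerable:", build_command_vulnerable("00:11:22:33:44:55;reboot"))
    print("hardened:  ", build_command_hardened("00:11:22:33:44:55"))
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The scanner deliberately alerts on anything that is not a MAC address rather than on a blocklist of metacharacters: an allowlist catches encodings and tricks the blocklist author did not think of, and the shell_meta flag is only there to prioritise triage. If the handler accepts the parameter in a POST body, an access log will not contain it; the same inspect_target logic then has to run in an IDS or reverse proxy that sees request bodies.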
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-30T13:58:31.728Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692ce4c3a0d303b752af5f71
Added to database: 12/1/2025, 12:43:47 AM
Last enriched: 12/8/2025, 1:00:28 AM
Last updated: 1/19/2026, 11:59:48 AM