CVE-2025-13798 is a medium-severity command injection vulnerability affecting the ADSLR NBR1005GPEV2 router, specifically firmware version 250814-r037c. The vulnerability resides in the ap_macfilter_add function of the /send_order.cgi CGI script, which processes a 'mac' parameter. Improper input validation allows an attacker to inject arbitrary shell commands by manipulating this parameter. The flaw is remotely exploitable without authentication or user interaction, making it accessible to any attacker with network access to the device's management interface. Successful exploitation could allow attackers to execute arbitrary commands with the privileges of the web server process, potentially leading to full device compromise, unauthorized configuration changes, or network disruption. The vendor was notified early but has not issued any patch or mitigation guidance. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and partial impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Although no in-the-wild exploitation has been confirmed, public exploit code is available, increasing the risk of attacks. This vulnerability is critical for environments relying on this router model for network perimeter or internal segmentation, as it could be leveraged to pivot into internal networks or disrupt services.

For European organizations, exploitation of this vulnerability could lead to unauthorized remote command execution on affected routers, resulting in potential network outages, interception or manipulation of network traffic, and unauthorized access to internal systems. Given the router's role in network management and filtering, attackers could disable security controls, redirect traffic, or establish persistent footholds. This could impact confidentiality, integrity, and availability of organizational networks. Critical infrastructure, SMEs, and enterprises using ADSLR NBR1005GPEV2 devices in Europe may face operational disruptions and data breaches. The lack of vendor response and patch increases exposure time, raising the likelihood of exploitation. Additionally, attackers could leverage this vulnerability as a stepping stone for lateral movement within corporate networks, amplifying the impact. The medium CVSS score reflects moderate but tangible risks, especially in environments with limited network segmentation or monitoring.

Since no official patch or vendor guidance is available, European organizations should implement the following mitigations: 1) Immediately restrict network access to the management interface of ADSLR NBR1005GPEV2 devices using firewall rules or network segmentation to allow only trusted administrative hosts. 2) Disable or restrict the /send_order.cgi endpoint if feasible, or disable the MAC filter functionality if it is not critical. 3) Monitor network traffic and device logs for suspicious requests targeting the 'mac' parameter or unusual command execution patterns. 4) Replace vulnerable devices with alternative routers from vendors with active security support if possible. 5) Employ intrusion detection/prevention systems (IDS/IPS) with signatures for known exploit attempts against this vulnerability. 6) Conduct regular network scans to identify devices running the affected firmware version and prioritize remediation. 7) Educate network administrators about the vulnerability and ensure strong administrative credentials and multi-factor authentication are enforced to reduce risk from other attack vectors. These steps go beyond generic advice by focusing on network-level controls and device replacement due to the absence of patches.