CVE-2025-13799 identifies a command injection vulnerability in the ADSLR NBR1005GPEV2 router firmware version 250814-r037c. The vulnerability resides in the ap_macfilter_del function of the /send_order.cgi endpoint, where the mac parameter is insufficiently sanitized, allowing an attacker to inject arbitrary OS commands. This flaw can be exploited remotely over the network without requiring authentication or user interaction, making it accessible to unauthenticated attackers. The vulnerability was publicly disclosed on December 1, 2025, with exploit details available, though no patch or vendor response has been provided. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:L - low privileges), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The lack of vendor remediation increases the risk of exploitation in the wild, potentially allowing attackers to execute arbitrary commands on affected devices, leading to device takeover, network pivoting, or disruption of network services. The affected product is a specific router model commonly used in small to medium business or residential environments, which may serve as a gateway to internal networks. The absence of patches necessitates alternative mitigation strategies to protect networks relying on this hardware.

For European organizations, this vulnerability poses a risk of unauthorized remote command execution on affected ADSLR NBR1005GPEV2 routers, potentially leading to device compromise, network infiltration, or denial of service. Compromised routers can be leveraged to intercept or manipulate network traffic, launch further attacks within internal networks, or disrupt connectivity critical for business operations. Given the router’s role as a network gateway, exploitation could undermine confidentiality and integrity of communications, especially in environments lacking additional network segmentation or monitoring. The medium CVSS score reflects limited but meaningful impact, as the vulnerability requires low privileges but no authentication, increasing exposure. Organizations in sectors with stringent security requirements, such as finance, healthcare, or critical infrastructure, may face elevated risks if these devices are deployed without compensating controls. The lack of vendor patching prolongs exposure, emphasizing the need for proactive defense measures.

1. Immediately disable remote management interfaces on ADSLR NBR1005GPEV2 routers to prevent external exploitation. 2. Implement strict network segmentation to isolate vulnerable routers from critical internal systems and sensitive data. 3. Monitor network traffic for unusual commands or patterns indicative of exploitation attempts targeting /send_order.cgi or the mac parameter. 4. Replace affected devices with alternative hardware from vendors with active security support if feasible. 5. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect command injection attempts specific to this vulnerability. 6. Restrict administrative access to the routers to trusted internal IP addresses only. 7. Regularly audit router configurations and firmware versions to identify and remediate vulnerable devices. 8. Engage with ADSLR or third-party security communities for any emerging patches or workarounds. 9. Educate network administrators about this vulnerability and encourage vigilance for signs of compromise. 10. Consider deploying network-level application firewalls to filter malicious payloads targeting CGI endpoints.