CVE-2025-13800 is a command injection vulnerability identified in the ADSLR NBR1005GPEV2 router firmware version 250814-r037c. The vulnerability resides in the set_mesh_disconnect function of the /send_order.cgi endpoint, where the mac parameter is insufficiently sanitized, allowing an attacker to inject arbitrary shell commands. This flaw can be exploited remotely without requiring authentication or user interaction, increasing the risk of widespread exploitation. The vulnerability has a CVSS 4.0 base score of 5.3, reflecting medium severity due to the lack of privilege requirements but limited impact scope. The exploit enables attackers to execute arbitrary commands on the device, potentially leading to full device compromise, unauthorized configuration changes, or denial of service. The vendor was notified early but has not issued any patches or advisories, and no official remediation is available. Public exploit code has been released, increasing the risk of exploitation by malicious actors. The vulnerability affects a specific firmware version, so organizations using this version are at risk. The lack of authentication and remote exploitability make this a significant threat to network security, especially in environments where these routers serve as critical network nodes or gateways.

For European organizations, this vulnerability poses risks including unauthorized remote control of network routers, leading to potential interception or manipulation of network traffic, disruption of network services, and compromise of internal network integrity. Organizations relying on ADSLR NBR1005GPEV2 devices in their infrastructure could experience outages or breaches, impacting confidentiality, integrity, and availability of their networks. Critical sectors such as telecommunications, government, and enterprises with mesh network deployments are particularly vulnerable. The absence of vendor patches and public exploit availability increase the likelihood of exploitation attempts. Attackers could leverage this vulnerability to pivot into internal networks, escalate privileges, or launch further attacks. The medium severity rating suggests moderate but tangible risks, especially if exploited in large-scale or targeted attacks. The impact is amplified in environments where these routers are deployed at network perimeters or in sensitive operational contexts.

Given the lack of official patches, European organizations should implement immediate compensating controls. These include isolating affected devices from untrusted networks, restricting remote access to management interfaces, and disabling mesh networking features if feasible. Network segmentation should be enforced to limit lateral movement from compromised devices. Continuous monitoring for unusual command execution or network behavior related to the /send_order.cgi endpoint is critical. Employing intrusion detection systems with signatures for known exploit patterns can help detect exploitation attempts. Organizations should inventory their network devices to identify affected firmware versions and prioritize replacement or firmware upgrades once available. Engaging with ADSLR or third-party security providers for custom mitigation or firmware updates is advisable. Additionally, applying strict firewall rules to block unauthorized access to router management ports and educating network administrators about this vulnerability will reduce risk exposure.