CVE-2025-13800 identifies a command injection vulnerability in the ADSLR NBR1005GPEV2 router firmware version 250814-r037c. The vulnerability resides in the set_mesh_disconnect function of the /send_order.cgi endpoint, where the mac parameter is improperly sanitized, allowing an attacker to inject arbitrary shell commands. This flaw can be exploited remotely over the network without requiring authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The vulnerability impacts confidentiality, integrity, and availability by enabling attackers to execute arbitrary commands, potentially leading to full device compromise, unauthorized network access, or denial of service. The vendor was notified but has not responded or issued patches, and while no known exploits are currently active in the wild, exploit code has been publicly disclosed, increasing the risk of future attacks. The vulnerability affects a specific firmware version, so devices running this version or earlier are vulnerable. The lack of vendor response and patch availability heightens the urgency for organizations to implement compensating controls. The vulnerability's medium CVSS score (5.3) reflects the balance between ease of exploitation and the requirement for some privileges (PR:L) but no user interaction or complex attack conditions. This vulnerability is particularly concerning for environments where these routers serve as critical network infrastructure or connect sensitive systems.

For European organizations, exploitation of CVE-2025-13800 could lead to unauthorized command execution on vulnerable ADSLR NBR1005GPEV2 routers, resulting in device takeover, network disruption, or pivoting to internal systems. This could compromise confidentiality by exposing sensitive network traffic or credentials, integrity by altering device configurations or firmware, and availability by causing denial of service. Organizations relying on these routers for mesh networking or critical connectivity may experience operational outages or data breaches. The absence of vendor patches increases exposure duration, and public exploit availability raises the likelihood of targeted attacks. Industries with stringent regulatory requirements (e.g., finance, healthcare, critical infrastructure) could face compliance violations and reputational damage. The threat is amplified in environments with limited network segmentation or weak monitoring, enabling attackers to move laterally once inside the network. European entities with remote management enabled on these devices are particularly at risk due to the remote exploitability without authentication.

1. Immediately identify and inventory all ADSLR NBR1005GPEV2 devices running firmware version 250814-r037c or earlier. 2. Disable remote management interfaces and any unnecessary services, especially those exposing /send_order.cgi endpoints. 3. Implement strict network segmentation to isolate vulnerable routers from critical systems and sensitive data. 4. Monitor network traffic for unusual commands or activity targeting the mac parameter or /send_order.cgi endpoint. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures for known exploit patterns related to this vulnerability. 6. Restrict access to router management interfaces to trusted IP addresses only. 7. Regularly check for vendor updates or patches and apply them promptly once available. 8. Consider replacing vulnerable devices with alternative hardware if patches are not forthcoming. 9. Conduct security awareness training for network administrators to recognize signs of exploitation. 10. Maintain up-to-date backups of router configurations to enable rapid recovery if compromise occurs.