Overview
CVE-2025-13797 is a medium-severity command injection vulnerability discovered in ADSLR B-QE2W401 routers, specifically affecting firmware version 250814-r037c. This vulnerability allows remote attackers to execute arbitrary commands on the device by manipulating the del_swifimac argument within the /send_order.cgi file. The exploit is publicly available, making it crucial for users to understand and mitigate this risk. The vendor was notified but did not respond to the disclosure.
Technical Details
The vulnerability lies within the parameterdel_swifimac function of the /send_order.cgi script. Improper sanitization of user-supplied input to this parameter allows an attacker to inject arbitrary commands into the system’s operating system. By crafting a malicious request with a payload injected into the del_swifimac parameter, an attacker can execute commands with the privileges of the web server process.
Specifically, the lack of proper input validation on the del_swifimac parameter allows an attacker to append shell commands to be executed on the underlying operating system. This is a classic command injection vulnerability, easily exploitable via HTTP requests.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-13797 is 6.3 (Medium).
- Attack Vector (AV): Network (N) – The vulnerability is remotely exploitable.
- Attack Complexity (AC): Low (L) – Little specialized access or extenuating circumstances are required.
- Privileges Required (PR): None (N) – No privileges are required to exploit the vulnerability.
- User Interaction (UI): None (N) – No user interaction is required to exploit the vulnerability.
- Scope (S): Unchanged (U) – An exploited vulnerability can only affect resources managed by the same security authority.
- Confidentiality Impact (C): Low (L) – There is some disclosure of confidential information.
- Integrity Impact (I): Low (L) – Modification of data is possible.
- Availability Impact (A): Low (L) – There is reduced performance or interruptions in resource availability.
Possible Impact
Successful exploitation of CVE-2025-13797 can have several negative impacts:
- Remote Code Execution: Attackers can execute arbitrary commands on the router, potentially gaining complete control of the device.
- Data Theft: Attackers could steal sensitive data, such as Wi-Fi passwords, configuration files, and user credentials.
- Malware Installation: The router could be infected with malware, turning it into a botnet node or a tool for further attacks.
- Denial of Service (DoS): Attackers could crash the router, causing a denial of service for all connected devices.
- Network Compromise: The compromised router can be used as a pivot point to attack other devices on the network.
Mitigation and Patch Steps
Unfortunately, as the vendor has not responded to the disclosure, there are currently no official patches available. Users of ADSLR B-QE2W401 routers with firmware version 250814-r037c are strongly advised to take the following mitigation steps:
- Disable Remote Access: Disable remote administration of the router through the WAN interface. This can often be found in the router’s web interface under “Remote Management” or similar.
- Firewall Configuration: Ensure that your external firewall blocks all unsolicited incoming traffic to the router.
- Monitor Network Traffic: Monitor network traffic for suspicious activity originating from the router.
- Consider Alternative Router: If the risk is unacceptable, consider replacing the vulnerable router with a more secure device from a vendor with a better security track record.
Disclaimer: Applying these mitigations may affect some functionality of your router. Proceed with caution.
