Overview
CVE-2025-13799 is a medium-severity command injection vulnerability identified in the ADSLR NBR1005GPEV2 router, specifically affecting firmware version 250814-r037c. This flaw allows a remote attacker to execute arbitrary commands on the device by manipulating the mac argument within the ap_macfilter_del function of the /send_order.cgi file. The vulnerability has been publicly disclosed and an exploit is available. Unfortunately, the vendor has not responded to vulnerability reports.
Technical Details
The vulnerability resides in the ap_macfilter_del function within the /send_order.cgi script of the ADSLR NBR1005GPEV2 router. The script fails to properly sanitize user-supplied input for the mac parameter. By injecting malicious commands into this parameter, an attacker can execute arbitrary commands on the underlying operating system with elevated privileges. This is a classic command injection scenario.
The attack vector is remote, meaning an attacker does not need physical access to the device or local network. They can exploit this vulnerability over the internet if the router’s web interface is exposed.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-13799 is 6.3 (Medium).
- Attack Vector: Network (AV:N)
- Attack Complexity: Low (AC:L)
- Privileges Required: None (PR:N)
- User Interaction: None (UI:N)
- Scope: Unchanged (S:U)
- Confidentiality Impact: Low (C:L)
- Integrity Impact: Low (I:L)
- Availability Impact: Low (A:L)
While the impact on confidentiality, integrity, and availability are only rated as “Low”, the ease of exploitation (Attack Complexity: Low, Privileges Required: None) makes this a significant risk.
Possible Impact
Successful exploitation of CVE-2025-13799 can have several serious consequences:
- Complete Control of the Router: An attacker can gain full control of the router, including changing its configuration, accessing sensitive information (like Wi-Fi passwords), and installing malware.
- Network Hijacking: The router can be used to redirect traffic to malicious websites, enabling phishing attacks or the distribution of malware.
- Denial of Service: The router can be rendered unusable, disrupting internet access for all connected devices.
- Botnet Recruitment: The compromised router can be added to a botnet and used to launch attacks against other targets.
Mitigation and Patch Steps
Unfortunately, there is currently no official patch available from the vendor, ADSLR. Given the lack of vendor response, the following mitigation steps are recommended:
- Disable Remote Access: If possible, disable remote access to the router’s web interface. This will prevent attackers from exploiting the vulnerability over the internet. This can usually be found under “Remote Management” or similar in the router’s configuration.
- Use a Strong Password: Ensure that the router’s administrative password is strong and unique. Avoid default passwords.
- Monitor Network Traffic: Monitor network traffic for suspicious activity, such as unusual outbound connections.
- Consider Router Replacement: If possible, consider replacing the vulnerable router with a more secure alternative from a vendor that provides timely security updates.
- Firewall: Ensure a firewall is in place to reduce the attack surface of the device.
