CVE-2025-13800: Critical Command Injection Flaw Threatens ADSLR NBR1005GPEV2 Routers

Overview

CVE-2025-13800 is a medium-severity command injection vulnerability in ADSLR NBR1005GPEV2 routers running firmware version 250814-r037c. It allows remote attackers to execute arbitrary commands on the affected device by manipulating the mac argument of the set_mesh_disconnect function in the /send_order.cgi file. An exploit for this vulnerability is publicly available, which increases the risk of exploitation.

Technical Details

The vulnerability resides in the set_mesh_disconnect function within the /send_order.cgi script. Improper sanitization of the mac argument allows an attacker to inject arbitrary commands into the system’s shell. By crafting a malicious request containing shell metacharacters within the mac parameter, an attacker can execute commands with the privileges of the web server process.

For example, a malicious request might look like this:


      POST /send_order.cgi HTTP/1.1
      Host: [Router IP Address]
      Content-Type: application/x-www-form-urlencoded

      set_mesh_disconnect=1&mac=;reboot;
    

In this example, the value ;reboot; is passed to the shell through the mac parameter. The semicolons separate reboot from the intended command, so the shell runs it and the router reboots. More sophisticated attacks could involve gaining a reverse shell or exfiltrating sensitive data.

CVSS Analysis

The CVSS score for CVE-2025-13800 is 6.3 (Medium). The CVSS vector is likely to be similar to:

      CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

This score reflects the following factors:

  • Attack Vector (AV:N): The vulnerability is exploitable over the network.
  • Attack Complexity (AC:L): The attack complexity is low.
  • Privileges Required (PR:N): No privileges are required to exploit the vulnerability.
  • User Interaction (UI:R): User interaction is required. (This might be misleading: exploitation is typically possible without user interaction, which would increase the severity.)
  • Scope (S:U): The scope is unchanged.
  • Confidentiality Impact (C:L): There is limited impact to confidentiality.
  • Integrity Impact (I:L): There is limited impact to integrity.
  • Availability Impact (A:L): There is limited impact to availability.

Possible Impact

Successful exploitation of CVE-2025-13800 could have several significant impacts:

  • Device Compromise: Attackers can gain complete control over the router.
  • Network Disruption: The router could be used to disrupt network services or launch attacks against other devices on the network.
  • Data Theft: Sensitive data stored on the router or transmitted through it could be compromised.
  • Botnet Recruitment: The compromised router could be recruited into a botnet for malicious purposes.

Mitigation or Patch Steps

Unfortunately, the vendor, ADSLR, has not responded to disclosure attempts and has not released a patch for this vulnerability. Therefore, users of the NBR1005GPEV2 router are advised to take the following mitigation steps:

  1. Discontinue Use: The safest option is to discontinue the use of the vulnerable router and replace it with a more secure alternative from a vendor with a better security track record.
  2. Network Segmentation: If discontinuing use is not possible, isolate the router on a separate network segment with strict firewall rules to limit potential damage.
  3. Monitor Network Traffic: Monitor network traffic for suspicious activity originating from the router.
  4. Consider Third-Party Firmware: Explore the possibility of installing third-party firmware (e.g., OpenWRT) if it is available and compatible, but research the installation process and its risks thoroughly first. Note: This may not be an option, or may not be a safe one.
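
For the traffic-monitoring step, the following is an added example (not code from the vendor or from the original advisory) of a check that an inspecting proxy or log pipeline could apply to requests for /send_order.cgi. It uses an allowlist: any mac value that is not a plain MAC address is flagged. The accepted MAC format (six hex octets separated by ':' or '-'), the function name inspect_request and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

# Allowlist (assumed format): six hex octets separated by ':' or '-'.
# Anything else in the mac field is flagged, instead of denylisting
# individual shell metacharacters.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def inspect_request(method, path, body):
    """Return a list of findings for one HTTP request (empty list = clean)."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/send_order.cgi":
        return []
    # parse_qs percent-decodes values, so %3B is compared as ';'.
    params = parse_qs(body, keep_blank_values=True)
    if "set_mesh_disconnect" not in params:
        return []
    macs = params.get("mac", [])
    findings = []
    if len(macs) > 1:
        findings.append("duplicate mac parameter")
    for value in macs:
        # fullmatch (not match or '$') also rejects a trailing newline.
        if not MAC_RE.fullmatch(value):
            findings.append("mac is not a MAC address: %r" % value)
    return findings


# Constructed sample requests (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", "/send_order.cgi", "set_mesh_disconnect=1&mac=AA:BB:CC:DD:EE:FF"),
    ("POST", "/send_order.cgi", "set_mesh_disconnect=1&mac=;reboot;"),
    ("POST", "/send_order.cgi", "set_mesh_disconnect=1&mac=%3Breboot%3B"),
    ("POST", "/send_order.cgi", "set_mesh_disconnect=1&mac=AA:BB:CC:DD:EE:FF%0A"),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = inspect_request(method, path, body)
        print("ALERT" if hits else "ok   ", method, path, body, hits)
```

The same allowlist pattern is what the CGI handler itself would need before passing mac to a shell; on an unpatched device it can only be enforced in front of the router.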

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.