Vulnerability Description
A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Manipulating the argument del_swifimac results in command injection. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adslr | B-Qe2W401 Firmware | <= 250814-r037c |
| Adslr | B-Qe2W401 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.333808 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.333808 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.691838 (Third Party Advisory, VDB Entry)
- https://www.notion.so/2a60c75766a88027a6aec07b378332a8 (Exploit, Third Party Advisory)
- https://www.notion.so/report-7-2a60c75766a88027a6aec07b378332a8 (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-13797?
CVE-2025-13797 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swif...
How severe is CVE-2025-13797?
CVE-2025-13797 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-13797?
Check the references section above for vendor advisories and patch information. Affected products include: Adslr B-Qe2W401 Firmware, Adslr B-Qe2W401.