Vulnerability Description
A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adslr | B-Qe2W401 Firmware | <= 250814-r037c |
| Adslr | B-Qe2W401 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.333811Permissions RequiredVDB Entry
- https://vuldb.com/?id.333811Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.691942Third Party AdvisoryVDB Entry
- https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1ExploitThird Party Advisory
FAQ
What is CVE-2025-13800?
CVE-2025-13800 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command i...
How severe is CVE-2025-13800?
CVE-2025-13800 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-13800?
Check the references section above for vendor advisories and patch information. Affected products include: Adslr B-Qe2W401 Firmware, Adslr B-Qe2W401.