PT-2025-48400 · Unknown · Adslr B-Qe2W401

2Er00Ne

Publicado

2025-12-01

Atualizado

2025-12-26

CVE-2025-13797

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ADSLR B-QE2W401 version 250814-r037c

Description A command injection issue exists in ADSLR B-QE2W401 250814-r037c. Manipulation of the del swifimac parameter within the /send order.cgi file can lead to command execution. This attack can be performed remotely. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Restrict or disable the use of the /send order.cgi file. As a temporary workaround, avoid using the del swifimac parameter in the /send order.cgi file until a fix is available.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2025-13797

Produtos afetados

Adslr B-Qe2W401

PT-2025-48400 · Unknown · Adslr B-Qe2W401

CVE-2025-13797

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14