CVE-2025-13799

Name of the Vulnerable Software and Affected Versions ADSLR NBR1005GPEV2 version 250814-r037c

Description A flaw exists in ADSLR NBR1005GPEV2 250814-r037c that allows for remote command injection. The issue is located within the ap macfilter del function of the /send order.cgi file. Manipulation of the mac argument can lead to unauthorized command execution. The exploit for this issue has been publicly disclosed.

Recommendations As a temporary workaround, consider restricting access to the /send order.cgi file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.