Search criteria
6 vulnerabilities found for NBR1005GPEV2 by ADSLR
CVE-2025-13800 (GCVE-0-2025-13800)
Vulnerability from nvd – Published: 2025-12-01 01:32 – Updated: 2025-12-01 17:36
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection
Summary
A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333811 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333811 | signaturepermissions-required |
| https://vuldb.com/?submit.691942 | third-party-advisory |
| https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:35:15.384549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:36:00.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T01:32:05.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333811 | ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333811"
},
{
"name": "VDB-333811 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333811"
},
{
"name": "Submit #691942 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691942"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13800",
"datePublished": "2025-12-01T01:32:05.993Z",
"dateReserved": "2025-11-30T13:58:37.562Z",
"dateUpdated": "2025-12-01T17:36:00.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13799 (GCVE-0-2025-13799)
Vulnerability from nvd – Published: 2025-12-01 01:02 – Updated: 2025-12-01 17:37
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection
Summary
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333810 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333810 | signaturepermissions-required |
| https://vuldb.com/?submit.691842 | third-party-advisory |
| https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:36:47.327822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:37:38.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T01:02:05.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333810 | ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333810"
},
{
"name": "VDB-333810 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333810"
},
{
"name": "Submit #691842 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691842"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13799",
"datePublished": "2025-12-01T01:02:05.859Z",
"dateReserved": "2025-11-30T13:58:34.486Z",
"dateUpdated": "2025-12-01T17:37:38.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13798 (GCVE-0-2025-13798)
Vulnerability from nvd – Published: 2025-12-01 00:32 – Updated: 2025-12-01 14:52
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection
Summary
A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333809 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333809 | signaturepermissions-required |
| https://vuldb.com/?submit.691841 | third-party-advisory |
| https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26 | exploit |
| https://www.notion.so/Report-8-2a60c75766a8805a89… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:52:32.890333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:52:38.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/Report-8-2a60c75766a8805a8973d2ff6a6bcb26"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T00:32:06.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333809 | ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333809"
},
{
"name": "VDB-333809 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333809"
},
{
"name": "Submit #691841 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691841"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13798",
"datePublished": "2025-12-01T00:32:06.723Z",
"dateReserved": "2025-11-30T13:58:31.728Z",
"dateUpdated": "2025-12-01T14:52:38.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13800 (GCVE-0-2025-13800)
Vulnerability from cvelistv5 – Published: 2025-12-01 01:32 – Updated: 2025-12-01 17:36
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection
Summary
A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333811 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333811 | signaturepermissions-required |
| https://vuldb.com/?submit.691942 | third-party-advisory |
| https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:35:15.384549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:36:00.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T01:32:05.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333811 | ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333811"
},
{
"name": "VDB-333811 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333811"
},
{
"name": "Submit #691942 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691942"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13800",
"datePublished": "2025-12-01T01:32:05.993Z",
"dateReserved": "2025-11-30T13:58:37.562Z",
"dateUpdated": "2025-12-01T17:36:00.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13799 (GCVE-0-2025-13799)
Vulnerability from cvelistv5 – Published: 2025-12-01 01:02 – Updated: 2025-12-01 17:37
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection
Summary
A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333810 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333810 | signaturepermissions-required |
| https://vuldb.com/?submit.691842 | third-party-advisory |
| https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:36:47.327822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:37:38.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T01:02:05.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333810 | ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333810"
},
{
"name": "VDB-333810 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333810"
},
{
"name": "Submit #691842 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691842"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_del command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13799",
"datePublished": "2025-12-01T01:02:05.859Z",
"dateReserved": "2025-11-30T13:58:34.486Z",
"dateUpdated": "2025-12-01T17:37:38.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13798 (GCVE-0-2025-13798)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:32 – Updated: 2025-12-01 14:52
VLAI
Title
ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection
Summary
A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333809 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333809 | signaturepermissions-required |
| https://vuldb.com/?submit.691841 | third-party-advisory |
| https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26 | exploit |
| https://www.notion.so/Report-8-2a60c75766a8805a89… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ADSLR | NBR1005GPEV2 |
Affected:
250814-r037c
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T14:52:32.890333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T14:52:38.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/Report-8-2a60c75766a8805a8973d2ff6a6bcb26"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NBR1005GPEV2",
"vendor": "ADSLR",
"versions": [
{
"status": "affected",
"version": "250814-r037c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "2er00ne (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T00:32:06.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333809 | ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333809"
},
{
"name": "VDB-333809 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333809"
},
{
"name": "Submit #691841 | Adslr NBR1005GPEV2 250814-r037c Remote code execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691841"
},
{
"tags": [
"exploit"
],
"url": "https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-30T15:03:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "ADSLR NBR1005GPEV2 send_order.cgi ap_macfilter_add command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13798",
"datePublished": "2025-12-01T00:32:06.723Z",
"dateReserved": "2025-11-30T13:58:31.728Z",
"dateUpdated": "2025-12-01T14:52:38.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}