CVE-2026-5184

MediumPublic PoC

Published: 31 March 2026

Published

31 March 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0043 63.0th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is…

publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses command injection by requiring validation and sanitization of untrusted inputs like the 'admuser' argument in /goform/setSysAdm.

SI-2 Flaw Remediation good match

preventrecover

Mandates identification, reporting, and correction of flaws such as this command injection vulnerability through patching or other remediation.

RA-5 Vulnerability Monitoring and Scanning good match

detectrespond

Requires vulnerability scanning to identify and remediate this specific CVE in affected TRENDnet devices.

Security SummaryAI

CVE-2026-5184 is a command injection vulnerability affecting TRENDnet TEW-713RE devices running firmware versions up to 1.02. The issue resides in an unknown function within the /goform/setSysAdm file, where manipulation of the "admuser" argument enables arbitrary command execution. Classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity.

The vulnerability can be exploited remotely by attackers who possess low privileges (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to execute arbitrary commands on the device, such as altering configurations or running unauthorized processes within the context of the affected function.

Advisories from VulDB and related references, including a GitHub repository, document the issue but provide no vendor patches or mitigations, as TRENDnet was contacted early without response. The exploit is publicly available, increasing the risk of active use against unpatched devices.

In notable context, the public disclosure of the exploit on GitHub suggests potential for real-world exploitation, though no specific in-the-wild activity is confirmed in available data.

Details

CWE(s): CWE-74 CWE-77

Affected Products

trendnet

tew-713re firmware

1.02

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in web endpoint (/goform/setSysAdm) allows remote exploitation of public-facing application (T1190) or remote services (T1210) with low privileges to achieve arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/780389
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/354252
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/354252/cti
Permissions Required, VDB Entry · cna@vuldb.com