Description
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.
Published: 2026-03-11
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Comtrend AR-5310 firmware version R10.A2pG039u.d24k contains a restricted shell escape vulnerability that permits local users to insert the command substitution operator $( ) into arguments of allowed commands such as ping. This allows an attacker to execute arbitrary shell commands beyond the intended command list, effectively providing unrestricted shell access on the device. The weakness is identified as CWE-306: Authentication Bypass Through User-Controlled Key.

Affected Systems

The affected product is the Comtrend AR-5310 router. The vulnerability applies specifically to firmware build GE31-412SSG-C01_R10.A2pG039u.d24k. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score is 8.6, indicating a high severity vulnerability. The EPSS score is below 1%, suggesting low exploit probability in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is local; an individual with physical or console access to the router can exploit the vulnerability by crafting a command that incorporates $( ) into supported command arguments. No remote exploitation is documented in the provided data.

Generated by OpenCVE AI on March 17, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Comtrend website or support portal for a firmware update that addresses the restricted shell escape vulnerability and apply it immediately.
  • If no patch is available, limit local console or SSH access to authorized personnel only and consider disabling or restricting the ping command or other exposed utilities.
  • Implement network segmentation so that users with device access are isolated from critical internal resources.
  • Monitor device logs for suspicious command execution patterns and enforce stricter command restrictions if possible.

Generated by OpenCVE AI on March 17, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Comtrend
Comtrend ar-5310
Vendors & Products Comtrend
Comtrend ar-5310

Wed, 11 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.
Title Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k Restricted Shell Escape
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Comtrend Ar-5310
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:36.036Z

Reserved: 2026-02-23T13:57:05.409Z

Link: CVE-2019-25483

cve-icon Vulnrichment

Updated: 2026-03-11T19:22:35.380Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T19:16:02.367

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25483

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:29:40Z

Weaknesses