Description
A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-31
Score: 5.3 Medium
EPSS: 1.4% Low
KEV: No
Impact: Command Injection
Action: Immediate Patch
AI Analysis

Impact

The TEW-713RE firmware up to 1.02 contains a command injection flaw in the sub_421494 function of /goform/addRouting. By supplying a crafted value for the dest argument, an attacker can have the device execute arbitrary shell commands, thereby compromising confidentiality, integrity, and availability.

Affected Systems

Affected systems are TRENDnet TEW‑713RE routers running firmware version 1.02 or earlier. No earlier versions are listed, so the scope is limited to this generation.

Risk and Exploitability

The CVSS score is 5.3, indicating a moderate risk. No EPSS or KEV entry is available, but the flaw has been publicly disclosed and is likely exploitable over the network. The attack vector is remote, requiring access to the router’s web interface. Because the vendor did not respond, no official fix is released, so the risk remains unless mitigated by disabling the vulnerable interface or applying a firmware upgrade.

Generated by OpenCVE AI on March 31, 2026 at 07:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available firmware updates for the TEW-713RE.
  • If a patch is not yet released, restrict access to the router’s web interface to trusted networks or disable remote management entirely.
  • Configure firewall rules to block the /goform/addRouting endpoint or any attempt to reach it from untrusted sources.
  • Monitor logs for unusual network traffic targeting the device and investigate promptly.
  • Employ network segmentation to isolate the device from critical infrastructure.

Generated by OpenCVE AI on March 31, 2026 at 07:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-713re
Vendors & Products Trendnet tew-713re

Tue, 31 Mar 2026 06:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title TRENDnet TEW-713RE addRouting sub_421494 command injection
First Time appeared Trendnet
Trendnet tew-713re Firmware
Weaknesses CWE-74
CWE-77
CPEs cpe:2.3:o:trendnet:tew-713re_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-713re Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trendnet Tew-713re Tew-713re Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T14:59:28.115Z

Reserved: 2026-03-30T19:05:07.402Z

Link: CVE-2026-5183

cve-icon Vulnrichment

Updated: 2026-04-02T14:59:23.201Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-31T06:16:01.590

Modified: 2026-04-01T14:24:02.583

Link: CVE-2026-5183

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:39:26Z

Weaknesses