CVE-2026-5184 - Vulnerability Details

- TRENDnet TEW-713RE setSysAdm command injection

Description

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-31

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the /goform/setSysAdm endpoint of TRENDnet TEW-713RE firmware versions up to 1.02. It allows an attacker to supply a crafted admuser argument that causes the device to execute arbitrary shell commands. This command injection can lead to remote code execution, potentially compromising the confidentiality, integrity, and availability of the device and associated network resources. The flaw is a command injection (CWE-74) and arbitrary command execution (CWE-77) issue.

Affected Systems

The affected product is TRENDnet TEW-713RE running firmware version 1.02 or earlier. No other vendors or products are listed as vulnerable. The flaw applies to all units with the specified firmware, regardless of network configuration, as long as the management interface is reachable.

Risk and Exploitability

The CVSS score of 5.3 rates this issue as moderate severity; the EPSS score of < 1% indicates a very low probability of exploitation, although public exploits are known. The attack can be launched remotely over the network by sending a specially crafted request to /goform/setSysAdm. The CVE does not specify any authentication requirements; however, the device’s management interface must be reachable to exploit the flaw. The vulnerability is not listed in CISA’s KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TRENDnet

TEW-713RE

affected

Version	Status	Constraints
`1.02`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:trendnet:tew-713re_firmware:1.02:*:*:*:*:*:*:*

cpe:2.3:h:trendnet:tew-713re:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Trendnet

Tew-713re

100%

Version	Status	Scheme	Platform
`1.02`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device firmware to a version newer than 1.02 to remove the vulnerable /goform/setSysAdm functionality.
If a firmware update is not immediately available, restrict access to the management interface by applying firewall rules or limiting it to trusted IP addresses.
Disable remote management functions if they are not required for operation.
Monitor system logs for unusual traffic to /goform/setSysAdm and investigate any suspicious activity.

Generated by OpenCVE AI on May 2, 2026 at 11:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00435.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md
https://vuldb.com/submit/780389
https://vuldb.com/vuln/354252
https://vuldb.com/vuln/354252/cti

History

Thu, 30 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:h:trendnet:tew-713re:-:::::::* cpe:2.3:o:trendnet:tew-713re_firmware:1.02:::::::*

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendnet tew-713re
Vendors & Products		Trendnet tew-713re

Tue, 31 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		TRENDnet TEW-713RE setSysAdm command injection
First Time appeared		Trendnet Trendnet tew-713re Firmware
Weaknesses		CWE-74 CWE-77
CPEs		cpe:2.3:o:trendnet:tew-713re_firmware::::::::
Vendors & Products		Trendnet Trendnet tew-713re Firmware
References		https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md https://vuldb.com/submit/780389 https://vuldb.com/vuln/354252 https://vuldb.com/vuln/354252/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Trendnet Tew-713re Tew-713re Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-31T06:45:22.567Z

Updated: 2026-03-31T13:46:36.074Z

Reserved: 2026-03-30T19:05:10.989Z

Link: CVE-2026-5184

Vulnrichment

Updated: 2026-03-31T13:46:31.247Z

NVD

Status : Analyzed

Published: 2026-03-31T07:16:12.437

Modified: 2026-04-30T17:09:47.430

Link: CVE-2026-5184

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T11:15:19Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object