CVE-2026-5184 - Vulnerability Details

- TRENDnet TEW-713RE setSysAdm command injection

Description

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-03-31

Score: 5.3 Medium

EPSS: 1.4% Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the /goform/setSysAdm endpoint of TRENDnet TEW-713RE firmware versions up to 1.02. It allows an unauthenticated attacker to supply a crafted admuser argument that causes the device to execute arbitrary shell commands. This command injection can lead to remote code execution, potentially compromising the confidentiality, integrity, and availability of the device and associated network resources.

Affected Systems

The affected product is TRENDnet TEW-713RE running firmware version 1.02 or earlier. No other vendors or products are listed as vulnerable. The flaw applies to all units with the specified firmware, regardless of network configuration, as long as the management interface is reachable.

Risk and Exploitability

The CVSS score of 5.3 rates this issue as moderate severity; no EPSS score is available, so the probability of exploitation remains uncertain. Public exploits are known, and the attack can be launched remotely over the network by sending a specially crafted request to /goform/setSysAdm. The flaw is not included in CISA’s KEV catalog. Successful exploitation requires no authentication and relies solely on network connectivity to the device’s management interface.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TRENDnet

TEW-713RE

affected

Version	Status	Constraints
`1.02`	affected	—

No data.

Vendor Product Confidence Versions

Trendnet

Tew-713re

100%

Version	Status	Scheme	Platform
`1.02`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device firmware to a version newer than 1.02 to remove the vulnerable /goform/setSysAdm functionality.
If a firmware update is not immediately available, restrict access to the management interface by applying firewall rules or limiting it to trusted IP addresses.
Disable remote management functions if they are not required for operation.
Monitor system logs for unusual traffic to /goform/setSysAdm and investigate any suspicious activity.

Generated by OpenCVE AI on March 31, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01409.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md
https://vuldb.com/submit/780389
https://vuldb.com/vuln/354252
https://vuldb.com/vuln/354252/cti

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trendnet tew-713re
Vendors & Products		Trendnet tew-713re

Tue, 31 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		TRENDnet TEW-713RE setSysAdm command injection
First Time appeared		Trendnet Trendnet tew-713re Firmware
Weaknesses		CWE-74 CWE-77
CPEs		cpe:2.3:o:trendnet:tew-713re_firmware::::::::
Vendors & Products		Trendnet Trendnet tew-713re Firmware
References		https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md https://vuldb.com/submit/780389 https://vuldb.com/vuln/354252 https://vuldb.com/vuln/354252/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Trendnet Tew-713re Tew-713re Firmware

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-31T06:45:22.567Z

Updated: 2026-03-31T13:46:36.074Z

Reserved: 2026-03-30T19:05:10.989Z

Link: CVE-2026-5184

Vulnrichment

Updated: 2026-03-31T13:46:31.247Z

NVD

Status : Awaiting Analysis

Published: 2026-03-31T07:16:12.437

Modified: 2026-04-01T14:24:02.583

Link: CVE-2026-5184

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object