Skip to main content

Tew 713Re EUVDEUVD-2026-17331

| CVE-2026-5183 LOW
Command Injection (CWE-77)
2026-03-31 VulDB GHSA-rqfv-fqvg-7p3j
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 01, 2026 - 14:24 vuln.today
Public exploit code
EUVD ID Assigned
Mar 31, 2026 - 06:00 euvd
EUVD-2026-17331
Analysis Generated
Mar 31, 2026 - 06:00 vuln.today
CVE Published
Mar 31, 2026 - 05:45 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in TRENDnet TEW-713RE firmware up to version 1.02 allows authenticated remote attackers to execute arbitrary commands via manipulation of the dest parameter in the /goform/addRouting function. The vulnerability has a CVSS score of 6.3 and publicly available exploit code exists; the vendor has not responded to early disclosure attempts, leaving affected devices without an official patch.

Technical ContextAI

The vulnerability resides in the sub_421494 function within the /goform/addRouting endpoint of TRENDnet TEW-713RE router firmware. This endpoint processes routing configuration requests and fails to properly validate or sanitize the dest parameter before passing it to shell command execution, creating a CWE-77 (Improper Neutralization of Special Elements used in a Command) condition. Attackers can inject shell metacharacters and command separators to break out of the intended command context and execute arbitrary system commands with the privileges of the router's web service process. The attack vector is network-based but requires authenticated access (PR:L per CVSS vector), meaning the attacker must first obtain valid router credentials.

RemediationAI

No vendor-released patch identified at time of analysis. TRENDnet has not responded to early disclosure notifications regarding this vulnerability. Organizations operating TEW-713RE devices should consider implementing network segmentation to restrict access to the router's administrative interface, enforce strong authentication credentials to limit credential compromise risk, and monitor for exploitation attempts targeting the /goform/addRouting endpoint. Users should review TRENDnet's support page for any available firmware updates or consider upgrading to a newer router model if this device is critical to network operations. A detailed technical breakdown of the vulnerability is available at https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/addRouting.md.

Share

EUVD-2026-17331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy