CVE-2019-25483
Published: 11 March 2026
Summary
CVE-2019-25483 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2019-25483 is a restricted shell escape vulnerability affecting the Comtrend AR-5310 router with firmware version GE31-412SSG-C01_R10.A2pG039u.d24k. The flaw enables local users to bypass command restrictions by leveraging the command substitution operator $( ) to inject arbitrary commands. This occurs when such syntax is passed as arguments to permitted commands like ping, resulting in unrestricted shell access. The vulnerability carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-306 (Missing Authentication for Critical Function).
The attack requires local access to the device but no authentication privileges (PR:N), making it exploitable by any local user. Attackers can craft inputs using the $( ) operator within allowed commands to execute arbitrary shell commands, bypassing the restricted shell environment. Successful exploitation grants high-impact privileges, including full confidentiality, integrity, and availability compromise through unrestricted shell access.
Advisories such as the Vulncheck report (https://www.vulncheck.com/advisories/comtrend-ar-5310-ge31-412ssg-c01-r10-a2pg039u-d24k-restricted-shell-escape) detail the vulnerability, and a proof-of-concept exploit is publicly available on Exploit-DB (https://www.exploit-db.com/exploits/47149). No patches or specific mitigation guidance are mentioned in the provided references.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19761
Vulnerability details
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to…
more
allowed commands like ping to execute unrestricted shell access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct restricted Unix shell escape via command substitution enables arbitrary command execution (T1059.004) and indirect command execution through permitted utilities (T1202).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates and sanitizes command arguments to allowed utilities like ping, preventing injection of command substitution $( ) that enables shell escapes.
Enforces strict access control policies in the restricted shell to block unauthorized command execution beyond permitted functions.
Applies least privilege to local users and shell processes, limiting the scope and impact of any successful command injection escapes.