CVE-2026-5184

MediumPublic PoCUpdated

Published: 31 March 2026

Published

31 March 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0043 63.1th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5184 is a medium-severity Injection (CWE-74) vulnerability in Trendnet Tew-713Re Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 36.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses command injection by requiring validation and sanitization of untrusted inputs like the 'admuser' argument in /goform/setSysAdm.

SI-2 Flaw Remediation good match

preventrecover

Mandates identification, reporting, and correction of flaws such as this command injection vulnerability through patching or other remediation.

RA-5 Vulnerability Monitoring and Scanning good match

detectrespond

Requires vulnerability scanning to identify and remediate this specific CVE in affected TRENDnet devices.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Command injection vulnerability in web endpoint (/goform/setSysAdm) allows remote exploitation of public-facing application (T1190) or remote services (T1210) with low privileges to achieve arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is…

publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2026-5184 is a command injection vulnerability affecting TRENDnet TEW-713RE devices running firmware versions up to 1.02. The issue resides in an unknown function within the /goform/setSysAdm file, where manipulation of the "admuser" argument enables arbitrary command execution. Classified under CWE-74 (Improper Neutralization of Special Elements used in an SQL Command) and CWE-77 (Command Injection), it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity.

The vulnerability can be exploited remotely by attackers who possess low privileges (PR:L), requiring no user interaction and low attack complexity over the network. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to execute arbitrary commands on the device, such as altering configurations or running unauthorized processes within the context of the affected function.

Advisories from VulDB and related references, including a GitHub repository, document the issue but provide no vendor patches or mitigations, as TRENDnet was contacted early without response. The exploit is publicly available, increasing the risk of active use against unpatched devices.

In notable context, the public disclosure of the exploit on GitHub suggests potential for real-world exploitation, though no specific in-the-wild activity is confirmed in available data.

Details

CWE(s): CWE-74 CWE-77

Affected Products

trendnet

tew-713re firmware

1.02

CVEs Like This One

CVE-2026-5183Same product: Trendnet Tew-713Re

CVE-2025-15471Same product: Trendnet Tew-713Re

CVE-2025-15139Same vendor: Trendnet

CVE-2025-15137Same vendor: Trendnet

CVE-2025-15136Same vendor: Trendnet

CVE-2024-57590Same vendor: Trendnet

CVE-2026-7609Same vendor: Trendnet

CVE-2026-5355Same vendor: Trendnet

CVE-2025-15472Same vendor: Trendnet

CVE-2026-5352Same vendor: Trendnet

References

https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/setSysAdm.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/780389
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/354252
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/354252/cti
Permissions Required, VDB Entry · cna@vuldb.com