Cyber Resilience

CVE-2026-5184

Low · Public PoC

Published: 31 March 2026

Modified: 30 April 2026
CVSS v4 score: 2.1
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0581 (92.2nd percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-5184 is a low-severity injection (CWE-74) vulnerability in TRENDnet TEW-713RE firmware. Its CVSS base score is 2.1 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 7.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

A command injection vulnerability exists in the TRENDnet TEW-713RE wireless range extender up to firmware version 1.02. The flaw resides in an unspecified function within the /goform/setSysAdm endpoint, where unsanitized input supplied to the admuser argument is passed to a system command. The issue is tracked under CWE-74 and CWE-77 and carries a CVSS 4.0 score of 2.1.

An authenticated remote attacker can supply a crafted admuser value to execute arbitrary operating-system commands on the device. Because the attack requires only low privileges and no user interaction, an adversary who has obtained valid credentials or who can reach the web interface can achieve limited control over confidentiality, integrity, and availability of the affected extender. A publicly available proof-of-concept exploit has been posted on GitHub.

No vendor advisory, patch, or mitigation guidance has been issued; TRENDnet was notified prior to disclosure but did not respond. The public references consist solely of the exploit description and VulDB entries.

EPSS for the CVE rose from a low baseline to a peak of 0.0141 on 2026-04-06 before receding, indicating measurable exploitation interest shortly after publication.

Vulnerability details

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

The command injection vulnerability in the web endpoint /goform/setSysAdm allows remote exploitation of a public-facing application (T1190) or of remote services (T1210) with low privileges, resulting in arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5183 (same product: TRENDnet TEW-713RE)
CVE-2025-15471 (same product: TRENDnet TEW-713RE)
CVE-2025-15139 (same vendor: TRENDnet)
CVE-2025-15137 (same vendor: TRENDnet)
CVE-2025-15136 (same vendor: TRENDnet)
CVE-2026-10061 (same vendor: TRENDnet)
CVE-2026-10060 (same vendor: TRENDnet)
CVE-2024-57590 (same vendor: TRENDnet)
CVE-2026-7609 (same vendor: TRENDnet)
CVE-2026-5354 (same vendor: TRENDnet)

Affected Assets

Vendor: trendnet
Product: tew-713re firmware
Version: 1.02

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent

Directly addresses command injection by requiring validation and sanitization of untrusted inputs like the 'admuser' argument in /goform/setSysAdm.

Prevent, recover

Mandates identification, reporting, and correction of flaws such as this command injection vulnerability through patching or other remediation.

Detect, respond

Requires vulnerability scanning to identify and remediate this specific CVE in affected TRENDnet devices.
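
An input check of the kind the input-validation control above describes, as an added example in C (not TRENDnet firmware code and not taken from the references). The allowed character set, the 32-character limit, the helper path /usr/sbin/set_admin and both function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ADMUSER_MAX 32 /* assumed length limit for the admin user name */

/* Allow-list check: 1..ADMUSER_MAX characters from [A-Za-z0-9_.-], and no
 * leading '-', so the value can never be read as a command-line option. */
bool admuser_is_valid(const char *s)
{
    size_t n;
    if (s == NULL || s[0] == '-')
        return false;
    for (n = 0; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= ADMUSER_MAX)
            return false; /* too long */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '_' || c == '.' || c == '-'))
            return false; /* shell metacharacters, spaces, control bytes */
    }
    return n > 0;
}

/* Build an argv vector for an execv()-style call instead of formatting the
 * value into a string handed to system(): the user name stays one argument
 * and no shell parses it. Returns argc, or -1 if the value is rejected. */
int build_set_admin_argv(const char *admuser, const char *argv[], size_t cap)
{
    if (cap < 4 || !admuser_is_valid(admuser))
        return -1;
    argv[0] = "/usr/sbin/set_admin"; /* hypothetical helper binary */
    argv[1] = "--user";
    argv[2] = admuser;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = { "admin", "net_admin.01", "admin;x", "a b", "-u", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               admuser_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation and shell-free execution are applied together here: the allow-list rejects unexpected input early, and passing the value as a single argv element removes the shell from the path entirely.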

References