Vulnerability-Lookup

CNVD-2026-17903

Vulnerability from cnvd - Published: 2026-04-21

Title

TRENDnet TEW-713RE命令注入漏洞

Description

TRENDnet TEW-713RE是美国趋势网络（TRENDnet）公司的一款无线网络范围延展器。 TRENDnet TEW-713RE存在命令注入漏洞，该漏洞源于对文件/goform/addRouting中参数dest的错误操作，攻击者可利用该漏洞导致任意命令执行。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/addRouting.md

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-5183

Impacted products

Name
TRENDnet TEW-713RE <=1.02

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-5183",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-5183"
    }
  },
  "description": "TRENDnet TEW-713RE\u662f\u7f8e\u56fd\u8d8b\u52bf\u7f51\u7edc\uff08TRENDnet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u7f51\u7edc\u8303\u56f4\u5ef6\u5c55\u5668\u3002\n\nTRENDnet TEW-713RE\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6587\u4ef6/goform/addRouting\u4e2d\u53c2\u6570dest\u7684\u9519\u8bef\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/addRouting.md",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-17903",
  "openTime": "2026-04-21",
  "products": {
    "product": "TRENDnet TEW-713RE \u003c=1.02"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-5183",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-10",
  "title": "TRENDnet TEW-713RE\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2026-5183 (GCVE-0-2026-5183)

Vulnerability from cvelistv5 – Published: 2026-03-31 05:45 – Updated: 2026-04-02 14:59

Title

TRENDnet TEW-713RE addRouting sub_421494 command injection

Summary

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/vuln/354251	vdb-entrytechnical-description
	https://vuldb.com/vuln/354251/cti	signaturepermissions-required
	https://vuldb.com/submit/780387	third-party-advisory
	https://github.com/panda666-888/vuls/blob/main/tr…	exploit

Impacted products

	Vendor	Product	Version
	TRENDnet	TEW-713RE	Affected: 1.02 cpe:2.3:o:trendnet:tew-713re_firmware::::::::

Credits

panda_0x1 (VulDB User) VulDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5183",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T14:59:17.044791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T14:59:28.115Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:trendnet:tew-713re_firmware:*:*:*:*:*:*:*:*"
          ],
          "product": "TEW-713RE",
          "vendor": "TRENDnet",
          "versions": [
            {
              "status": "affected",
              "version": "1.02"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "panda_0x1 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-31T05:45:17.383Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354251 | TRENDnet TEW-713RE addRouting sub_421494 command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354251"
        },
        {
          "name": "VDB-354251 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354251/cti"
        },
        {
          "name": "Submit #780387 | TRENDnet TEW-713RE 1.02 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/780387"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/panda666-888/vuls/blob/main/trendnet/tew-713re/addRouting.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-30T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-03-30T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-03-30T21:10:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TRENDnet TEW-713RE addRouting sub_421494 command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5183",
    "datePublished": "2026-03-31T05:45:17.383Z",
    "dateReserved": "2026-03-30T19:05:07.402Z",
    "dateUpdated": "2026-04-02T14:59:28.115Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-17903

CVE-2026-5183 (GCVE-0-2026-5183)

Tags

Sightings

Nomenclature