Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
Comtrend Router Allows Local Users to Run Unauthorized Commands
CVE-2019-25483
Summary
A security flaw in the Comtrend AR-5310 router allows an attacker with local access to bypass security restrictions and run unauthorized commands, potentially allowing malicious activity. This is a concern for users who have not properly secured their router. To protect yourself, you should update your router's firmware as soon as possible.
Original title
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator...
Original description
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.
nvd CVSS3.1
8.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026