CVE-2019-25483
Received Received - Intake
Restricted Shell Escape in Comtrend AR-5310 Enables Command Injection

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $( ). Attackers can inject arbitrary commands through the $( ) syntax when passed as arguments to allowed commands like ping to execute unrestricted shell access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Affected Vendors & Products
Vendor Product Version
comtrend ar-5310 *
comtrend ar-5310 From ge31-412ssg-c01_r10.a2pg039u.d24k (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'The Comtrend AR-5310 router uses a restricted shell environment that limits users to a set of allowed commands like ping, reboot, and ifconfig. However, it fails to filter the command substitution operator "$()", which allows local users to bypass these restrictions.'}, {'type': 'paragraph', 'content': 'By using the "$()" syntax, an attacker can inject arbitrary commands inside allowed commands. For example, running a command like `ping $(sh)` spawns a shell subprocess, escaping the restricted shell and enabling execution of unrestricted commands.'}, {'type': 'paragraph', 'content': 'This vulnerability allows local users to execute arbitrary commands beyond the restricted command list, potentially leading to unauthorized system access or privilege escalation.'}] [1]


How can this vulnerability impact me? :

This vulnerability can allow a local attacker to bypass command restrictions and execute arbitrary commands on the affected Comtrend AR-5310 router.

  • Unauthorized system access by escaping the restricted shell environment.
  • Potential privilege escalation, giving attackers higher-level control over the device.
  • Execution of arbitrary commands could lead to disruption of network services or compromise of sensitive data.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing if the restricted shell on the Comtrend AR-5310 router allows command substitution using the "$()" operator. Since common shell operators like ";", "&", "|", and backticks are filtered, but "$()" is not, you can attempt to execute commands using this syntax to verify if the shell escapes restrictions.'}, {'type': 'list_item', 'content': 'Try running a command such as: ping $(sh) — if this spawns a shell subprocess or executes arbitrary commands, the vulnerability is present.'}, {'type': 'list_item', 'content': 'Check for unexpected shell access or command execution beyond the allowed commands (help, logout, reboot, ping, ifconfig, traceroute, etc.) by using the "$()" syntax in arguments to these commands.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2026-03-11
CVE Last Modified Date:
2026-03-11
Report Generation Date:
2026-04-01
AI Powered Q&A Generation:
2026-03-11
EPSS Last Evaluated Date:
2026-03-31
NVD Report Link:
EUVD Report Link: