Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
OS command injection in TrendNet TEW-657BRM 1.00.1 router allows authenticated remote attackers to execute arbitrary commands via manipulation of the wl_enrolee_pin parameter in the /setup.cgi add_wps_client function. The vendor discontinued this product in June 2011 and provides no support; publicly available exploit code exists but real-world risk is minimal given the product's 14+ year obsolescence and the authentication requirement.
Technical ContextAI
The vulnerability exists in a TrendNet wireless router's CGI-based web administration interface. The /setup.cgi script's add_wps_client function fails to properly sanitize the wl_enrolee_pin input parameter before passing it to an OS command execution context, allowing injection of arbitrary shell commands. This is a classic OS command injection vulnerability (CWE-78) where user-controlled input is concatenated into a system command without proper escaping or validation. The affected product is identified by CPE cpe:2.3:a:trendnet:tew-657brm:*:*:*:*:*:*:*:* and was a consumer/small-office wireless router from the early 2000s era.
RemediationAI
No patch is available or will be released, as confirmed by the vendor's statement regarding end-of-life status. Organizations must immediately remove affected TEW-657BRM routers from production and replace them with current, supported hardware. If temporary continued operation is unavoidable, implement network-level controls: restrict access to the /setup.cgi interface to trusted administrative IPs only via firewall rules, disable remote management features if possible, and isolate the device on a segregated management VLAN. Change default credentials immediately. Consult the vendor's product support page (https://www.trendnet.com/) for any legacy notices, though no patched firmware version will be forthcoming.
More in Tew 657Brm
View allStack-based buffer overflow in Trendnet TEW-657BRM 1.00.1 wireless router allows authenticated remote attackers to achie
Stack-based buffer overflow in Trendnet TEW-657BRM router firmware 1.00.1 allows authenticated remote attackers to achie
Remote authenticated command injection in TrendNet TEW-657BRM 1.00.1 allows manipulation of the policy_name parameter in
OS command injection in Trendnet TEW-657BRM 1.00.1 ping_test function allows authenticated remote attackers to execute a
Remote code execution via OS command injection in TrendNet TEW-657BRM 1.00.1 allows authenticated attackers to execute a
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18362
GHSA-3w99-p9rf-w2qj