Tew 657Brm Firmware CVE-2026-5355

Q: What is the CVSS score of CVE-2026-5355?

CVE-2026-5355 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.8%.

EUVD-2026-18412 LOW

Command Injection (CWE-77)

2026-04-02 cna@vuldb.com

GHSA-64fp-48cj-ffvx

Command Injection Tew 657Brm Firmware

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

EUVD ID Assigned

Apr 02, 2026 - 17:22 euvd

EUVD-2026-18412

Analysis Generated

Apr 02, 2026 - 17:22 vuln.today

CVE Published

Apr 02, 2026 - 17:16 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Remote authenticated OS command injection in TrendNet TEW-657BRM 1.00.1 router via the vpn_drop function in /setup.cgi allows low-privileged attackers to execute arbitrary commands with limited impact on system confidentiality, integrity, and availability. The vendor confirmed the product reached end-of-life on June 23, 2011, and will not provide support or patches. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS v4.0 base score of 5.3 appears modest, the risk assessment is heavily mitigated by the product's end-of-life status since June 2011-over 14 years prior to disclosure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker on the network (e.g., via compromised credentials or insider threat) accesses the router's web management interface at /setup.cgi, submits a crafted request to the vpn_drop function with a malicious policy_name argument containing shell metacharacters (e.g., 'policy; whoami;'), and bypasses insufficient input validation to execute arbitrary OS commands with the privileges of the web service process. Public exploit code provides a ready-made proof-of-concept for this attack.
Remediation	No vendor-released patch exists, as TrendNet confirmed the product is discontinued and will not receive further support or updates. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5355 vulnerability details – vuln.today

Back