Skip to main content

Tew 657Brm EUVDEUVD-2026-18362

| CVE-2026-5351 LOW
OS Command Injection (CWE-78)
2026-04-02 VulDB GHSA-3w99-p9rf-w2qj
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 07, 2026 - 17:21 vuln.today
Public exploit code
EUVD ID Assigned
Apr 02, 2026 - 16:00 euvd
EUVD-2026-18362
Analysis Generated
Apr 02, 2026 - 16:00 vuln.today
CVE Published
Apr 02, 2026 - 15:45 nvd
MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

OS command injection in TrendNet TEW-657BRM 1.00.1 router allows authenticated remote attackers to execute arbitrary commands via manipulation of the wl_enrolee_pin parameter in the /setup.cgi add_wps_client function. The vendor discontinued this product in June 2011 and provides no support; publicly available exploit code exists but real-world risk is minimal given the product's 14+ year obsolescence and the authentication requirement.

Technical ContextAI

The vulnerability exists in a TrendNet wireless router's CGI-based web administration interface. The /setup.cgi script's add_wps_client function fails to properly sanitize the wl_enrolee_pin input parameter before passing it to an OS command execution context, allowing injection of arbitrary shell commands. This is a classic OS command injection vulnerability (CWE-78) where user-controlled input is concatenated into a system command without proper escaping or validation. The affected product is identified by CPE cpe:2.3:a:trendnet:tew-657brm:*:*:*:*:*:*:*:* and was a consumer/small-office wireless router from the early 2000s era.

RemediationAI

No patch is available or will be released, as confirmed by the vendor's statement regarding end-of-life status. Organizations must immediately remove affected TEW-657BRM routers from production and replace them with current, supported hardware. If temporary continued operation is unavoidable, implement network-level controls: restrict access to the /setup.cgi interface to trusted administrative IPs only via firewall rules, disable remote management features if possible, and isolate the device on a segregated management VLAN. Change default credentials immediately. Consult the vendor's product support page (https://www.trendnet.com/) for any legacy notices, though no patched firmware version will be forthcoming.

Share

EUVD-2026-18362 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy