Skip to main content

Tew 657Brm EUVDEUVD-2026-18410

| CVE-2026-5354 LOW
OS Command Injection (CWE-78)
2026-04-02 VulDB GHSA-j222-qjwr-c34g
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 07, 2026 - 17:24 vuln.today
Public exploit code
EUVD ID Assigned
Apr 02, 2026 - 17:00 euvd
EUVD-2026-18410
Analysis Generated
Apr 02, 2026 - 17:00 vuln.today
CVE Published
Apr 02, 2026 - 16:30 nvd
MEDIUM 5.3

DescriptionCVE.org

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Remote authenticated command injection in TrendNet TEW-657BRM 1.00.1 allows manipulation of the policy_name parameter in /setup.cgi vpn_connect function to achieve operating system command execution with limited impact. The affected router has been end-of-life since June 2011 and is no longer supported by the vendor; however, publicly available exploit code exists and the vulnerability demonstrates real command injection capability despite the legacy product status.

Technical ContextAI

The vulnerability exploits improper input validation in the vpn_connect function of /setup.cgi on the TrendNet TEW-657BRM wireless router. The flaw is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that the application fails to sanitize or escape user-supplied input before passing it to system command execution routines. The policy_name parameter is directly concatenated into an OS command without proper validation, allowing an authenticated attacker to inject arbitrary shell metacharacters and commands. The CPE cpe:2.3:a:trendnet:tew-657brm indicates the specific vulnerable router model across all versions below 1.00.1.

RemediationAI

No vendor-released patch identified at time of analysis, as the manufacturer discontinued the TEW-657BRM over 14 years ago and explicitly stated they cannot confirm or remediate vulnerabilities in this end-of-life product. Organizations operating this router should immediately plan its replacement with a current-generation supported model from TrendNet or an alternative vendor. If operational continuity is temporarily required, isolate the router to a dedicated network segment with strict access controls and disable remote management features. For detailed vulnerability context, refer to https://vuldb.com/vuln/354707 and the proof-of-concept documentation at https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_connect.md.

Share

EUVD-2026-18410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy