Skip to main content

Tew 657Brm

6 CVEs product

Monthly

CVE-2026-5354 LOW POC Monitor

Remote authenticated command injection in TrendNet TEW-657BRM 1.00.1 allows manipulation of the policy_name parameter in /setup.cgi vpn_connect function to achieve operating system command execution with limited impact. The affected router has been end-of-life since June 2011 and is no longer supported by the vendor; however, publicly available exploit code exists and the vulnerability demonstrates real command injection capability despite the legacy product status.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5353 LOW POC Monitor

OS command injection in Trendnet TEW-657BRM 1.00.1 ping_test function allows authenticated remote attackers to execute arbitrary commands via manipulation of the c4_IPAddr parameter in /setup.cgi. Publicly available exploit code exists. The device has been end-of-life since June 2011 and is no longer supported by the vendor, making patching infeasible for affected users.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5352 LOW POC Monitor

Remote code execution via OS command injection in TrendNet TEW-657BRM 1.00.1 allows authenticated attackers to execute arbitrary commands through the pcdb_list parameter in /setup.cgi. The affected device has been end-of-life since June 2011 with no vendor support; publicly available exploit code exists but real-world impact is limited to legacy, unsupported hardware.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5351 LOW POC Monitor

OS command injection in TrendNet TEW-657BRM 1.00.1 router allows authenticated remote attackers to execute arbitrary commands via manipulation of the wl_enrolee_pin parameter in the /setup.cgi add_wps_client function. The vendor discontinued this product in June 2011 and provides no support; publicly available exploit code exists but real-world risk is minimal given the product's 14+ year obsolescence and the authentication requirement.

Command Injection Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.8%
CVE-2026-5350 HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM 1.00.1 wireless router allows authenticated remote attackers to achieve code execution via the update_pcdb function in /setup.cgi by manipulating the mac_pc_dba parameter. This vulnerability affects a product discontinued since June 2011 (14+ years end-of-life) with no vendor support or patches available. Publicly available exploit code exists, elevating immediate risk for organizations still operating legacy deployments. CVSS 7.4 with low attack complexity and proof-of-concept availability make this a practical exploitation target despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5349 HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM router firmware 1.00.1 allows authenticated remote attackers to achieve arbitrary code execution via the mac_pc_dba parameter in /setup.cgi's add_apcdb function. The product was discontinued in 2011 and receives no vendor support. A public exploit exists on GitHub, significantly lowering the barrier for exploitation against unpatched devices still deployed in production environments.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote authenticated command injection in TrendNet TEW-657BRM 1.00.1 allows manipulation of the policy_name parameter in /setup.cgi vpn_connect function to achieve operating system command execution with limited impact. The affected router has been end-of-life since June 2011 and is no longer supported by the vendor; however, publicly available exploit code exists and the vulnerability demonstrates real command injection capability despite the legacy product status.

Command Injection Tew 657Brm
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in Trendnet TEW-657BRM 1.00.1 ping_test function allows authenticated remote attackers to execute arbitrary commands via manipulation of the c4_IPAddr parameter in /setup.cgi. Publicly available exploit code exists. The device has been end-of-life since June 2011 and is no longer supported by the vendor, making patching infeasible for affected users.

Command Injection Tew 657Brm
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

Remote code execution via OS command injection in TrendNet TEW-657BRM 1.00.1 allows authenticated attackers to execute arbitrary commands through the pcdb_list parameter in /setup.cgi. The affected device has been end-of-life since June 2011 with no vendor support; publicly available exploit code exists but real-world impact is limited to legacy, unsupported hardware.

Command Injection Tew 657Brm
NVD VulDB GitHub
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in TrendNet TEW-657BRM 1.00.1 router allows authenticated remote attackers to execute arbitrary commands via manipulation of the wl_enrolee_pin parameter in the /setup.cgi add_wps_client function. The vendor discontinued this product in June 2011 and provides no support; publicly available exploit code exists but real-world risk is minimal given the product's 14+ year obsolescence and the authentication requirement.

Command Injection Tew 657Brm
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM 1.00.1 wireless router allows authenticated remote attackers to achieve code execution via the update_pcdb function in /setup.cgi by manipulating the mac_pc_dba parameter. This vulnerability affects a product discontinued since June 2011 (14+ years end-of-life) with no vendor support or patches available. Publicly available exploit code exists, elevating immediate risk for organizations still operating legacy deployments. CVSS 7.4 with low attack complexity and proof-of-concept availability make this a practical exploitation target despite requiring low-privilege authentication.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC Monitor

Stack-based buffer overflow in Trendnet TEW-657BRM router firmware 1.00.1 allows authenticated remote attackers to achieve arbitrary code execution via the mac_pc_dba parameter in /setup.cgi's add_apcdb function. The product was discontinued in 2011 and receives no vendor support. A public exploit exists on GitHub, significantly lowering the barrier for exploitation against unpatched devices still deployed in production environments.

Buffer Overflow Stack Overflow Tew 657Brm
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy