Description
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. It affects the function add_wps_client of the file /setup.cgi. Manipulation of the argument wl_enrolee_pin causes OS command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote OS Command Injection
Action: Assess Impact
AI Analysis

Impact

The vulnerability allows an attacker to inject arbitrary operating‑system commands through the wl_enrolee_pin parameter in the add_wps_client function of the setup.cgi web interface. This is a classic OS command injection flaw, mapped to CWE‑77 and CWE‑78. If successfully exploited, an attacker can execute any commands on the device, compromising the confidentiality, integrity and availability of the network equipment.

Affected Systems

The affected hardware is the Trendnet TEW‑657BRM wireless router, firmware version 1.00.1, which has been end of life for more than fourteen years. The product is no longer supported by the vendor, and no patch or update is available. Only this specific firmware release is known to contain the flaw, accessible via the standard web management portal.

Risk and Exploitability

CVSS v3.1 gives the bug a score of 5.3, indicating moderate severity. The EPSS probability is 1%, suggesting low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. However, exploitation code is publicly available and the flaw can be triggered remotely by anyone who can reach the router’s web interface. Because the device is discontinued, the safest posture is to remove it from exposure or replace it with a supported alternative.

Generated by OpenCVE AI on April 7, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Perform an inventory to identify any Trendnet TEW‑657BRM devices still in operation.
  • Restrict external traffic to the device’s web interface by configuring firewall rules or placing the router behind a DMZ, ensuring only trusted internal hosts can reach it.
  • Replace the router with a current model that receives security patches, or reflash to a supported firmware if available.
  • If replacement or reflashing is not possible, disable the wireless‑protected setup feature (WPS) or restrict it to internal access only.
  • Continuously monitor logs and network traffic for signs of command‑injection attempts or exploitation activity.

Generated by OpenCVE AI on April 7, 2026 at 23:32 UTC.
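
One way to act on the monitoring recommendation above, as an added example that is not part of the OpenCVE record or the vendor's code: a WPS PIN is 4 or 8 decimal digits, so any wl_enrolee_pin value sent to /setup.cgi outside that allowlist is worth an alert. The request tuples, their capture format and the verdict names are assumptions, and the sample traffic is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allowlist: WPS PINs are 4 or 8 ASCII digits. fullmatch() is used instead of
# ^...$ because "$" would also accept a trailing newline.
PIN_RE = re.compile(r"[0-9]{4}|[0-9]{8}")
SEPARATORS_RE = re.compile(r"[0-9 -]*")  # digits typed with spaces or hyphens

# Constructed sample traffic: (source IP, request line, form body).
# The capture format is an assumption (e.g. a proxy or IDS that records bodies).
SAMPLE_REQUESTS = [
    ("192.0.2.10", "POST /setup.cgi HTTP/1.1", "wl_enrolee_pin=12345670"),
    ("192.0.2.11", "POST /setup.cgi HTTP/1.1", "wl_enrolee_pin=1234-5670"),
    ("198.51.100.7", "POST /setup.cgi HTTP/1.1", "wl_enrolee_pin=12345670%3Bexample"),
    ("198.51.100.7", "GET /setup.cgi?wl_enrolee_pin=abcd HTTP/1.1", ""),
    ("192.0.2.10", "GET /index.htm HTTP/1.1", ""),
]

def classify_pin(value):
    """Return 'ok', 'malformed' (likely a typo) or 'suspicious' (alert)."""
    if PIN_RE.fullmatch(value):
        return "ok"
    if SEPARATORS_RE.fullmatch(value):
        return "malformed"
    return "suspicious"

def scan(requests):
    """Return (source, verdict, decoded value) for every non-conforming PIN."""
    findings = []
    for src, request_line, body in requests:
        parts = request_line.split(" ")
        if len(parts) != 3:
            continue
        url = urlsplit(parts[1])
        if not url.path.endswith("/setup.cgi"):
            continue
        # Merge query-string and form-body parameters; parse_qs percent-decodes.
        params = parse_qs(url.query, keep_blank_values=True)
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
        for value in params.get("wl_enrolee_pin", []):
            verdict = classify_pin(value)
            if verdict != "ok":
                findings.append((src, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

Matching on what a valid PIN looks like, rather than on a list of shell metacharacters, keeps the rule from being bypassed by an encoding or character the list did not anticipate.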

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:trendnet:tew-657brm:-:*:*:*:*:*:*:*
cpe:2.3:o:trendnet:tew-657brm_firmware:1.00.1:*:*:*:*:*:*:*

Fri, 03 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi add_wps_client os command injection
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-03T19:58:42.244Z

Reserved: 2026-04-01T16:47:08.739Z

Link: CVE-2026-5351

Vulnrichment

Updated: 2026-04-03T19:58:36.458Z

NVD

Status: Analyzed

Published: 2026-04-02T16:16:28.093

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-5351

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:55:36Z

Weaknesses