Description
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Assess
AI Analysis

Impact

The vulnerability resides in the Edit function of /setup.cgi in Trendnet TEW-657BRM firmware 1.00.1, where improper validation of the pcdb_list argument permits an attacker to inject arbitrary operating‑system commands. Successful exploitation would allow remote execution of any shell command on the device, potentially leading to full control of the appliance. This weakness is classified as command injection (CWE-77) and process control abuse (CWE-78).

Affected Systems

Trendnet TEW-657BRM routers running firmware version 1.00.1 are affected. The device has been discontinued and reached end‑of‑life on June 23, 2011, and is no longer supported by the vendor, meaning no security updates will be provided.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and while the EPSS score is not available, the vulnerability has been publicly disclosed and can be triggered remotely via the web interface. Because the product is already EOL and unmaintained, the risk of exploitation remains as long as the device is in use, especially if it is exposed to the internet or an untrusted network.

Generated by OpenCVE AI on April 2, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace or uninstall the TEW-657BRM device and deploy a supported, secure router
  • Block or restrict remote access to the /setup.cgi endpoint using firewall or ACL rules
  • Restrict management traffic to trusted IP ranges only
  • Monitor device logs for anomalous command execution attempts

Generated by OpenCVE AI on April 2, 2026 at 22:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi edit os command injection
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Trendnet Tew-657brm Tew-657brm Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T17:38:37.073Z

Reserved: 2026-04-01T16:47:11.901Z

Link: CVE-2026-5352

cve-icon Vulnrichment

Updated: 2026-04-02T17:38:31.846Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-02T17:16:31.817

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-5352

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:18:38Z

Weaknesses