Description
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Replace Device
AI Analysis

Impact

A security flaw occurs in the /setup.cgi vpn_drop handler of Trendnet TEW‑657BRM firmware 1.00.1. The policy_name parameter is used without proper validation, enabling an attacker to execute arbitrary shell commands on the underlying operating system. This represents an OS command injection vulnerability (CWE‑78) and also a command path injection flaw (CWE‑77). If exploited, the attacker gains remote command execution capability via the device’s management web interface.

Affected Systems

Only the Trendnet TEW‑657BRM model running firmware version 1.00.1 is identified as vulnerable. The device has been out of support since June 23 2011 and is no longer maintained by the vendor, so no official patch or update is available.

Risk and Exploitability

According to the score system, the CVSS base score is 5.3, indicating moderate severity, while the EPSS probability is 1 %. The vulnerability is not listed in the CISA KEV catalogue. Attackers would need network reachability to the device’s HTTP management interface to send a crafted policy_name value. Without a vendor fix, the risk remains elevated for any environment still operating the hardware, as remote code execution could lead to full control of the network appliance.

Generated by OpenCVE AI on April 7, 2026 at 23:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the TEW‑657BRM with a modern, supported router or firewall that receives security updates.
  • If replacement is not immediately possible, isolate the device from external or untrusted networks and limit management access to an internal secure subnet.
  • Disable the VPN drop feature through the web interface, if such an option exists, to block the vulnerable command path.
  • Monitor incoming requests to /setup.cgi for suspicious activity and respond to any detected exploitation attempts.
  • Regularly check Trendnet or third‑party websites for firmware updates or security advisories and apply them as soon as they become available.

Generated by OpenCVE AI on April 7, 2026 at 23:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:trendnet:tew-657brm:-:*:*:*:*:*:*:*
cpe:2.3:o:trendnet:tew-657brm_firmware:1.00.1:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Trendnet Tew-657brm Tew-657brm Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T18:59:51.603Z

Reserved: 2026-04-01T16:47:21.513Z

Link: CVE-2026-5355

cve-icon Vulnrichment

Updated: 2026-04-02T18:59:46.165Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T17:16:32.510

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-5355

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:55:31Z

Weaknesses