CVE-2026-5353
Status: Received - Intake
OS Command Injection in Trendnet TEW-657BRM /setup.cgi Ping Test

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in OS command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-04-02
EPSS Evaluated
2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-657brm_firmware 1.00.1
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the CVE-2026-5353 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-5353 is a remote OS command injection vulnerability in the Trendnet TEW-657BRM router, version 1.00.1. It exists in the ping_test function of the setup.cgi script, where the user-supplied parameter c4_IPAddr is passed directly to a system command without any input validation or sanitization.

This allows an attacker with valid admin credentials to remotely inject and execute arbitrary operating system commands by manipulating the c4_IPAddr parameter in an HTTP POST request.

A proof-of-concept exploit demonstrates this by executing commands such as listing directory contents and saving the output to a file on the device.


How can this vulnerability impact me?

This vulnerability can allow an attacker with admin access to remotely execute arbitrary commands on the affected router, potentially leading to unauthorized control over the device.

Such control could be used to manipulate device settings, access sensitive network information, disrupt network operations, or use the device as a foothold for further attacks within the network.

Since the product is discontinued and no longer supported, patches or fixes are not available, increasing the risk if the device remains in use.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the /setup.cgi endpoint on the Trendnet TEW-657BRM router, specifically targeting the ping_test function with the c4_IPAddr parameter. Because the injected command runs on the router and its output is not returned in the HTTP response, this is a blind test: confirmation depends on observing a side effect on the device. Only run it against hardware you own or are authorized to test.

A common detection method is to send a POST request with an injected command in the c4_IPAddr parameter and observe whether the command executes on the device. The management interface requires credentials; admin:admin below is the page's placeholder, so substitute the device's actual login. The injected value contains spaces, a semicolon and a redirect, so let curl URL-encode it rather than sending it raw:

  • Use a command like: curl -u admin:admin 'http://<router-ip>/setup.cgi' -d 'action=ping_test' --data-urlencode 'c4_IPAddr=; /bin/ls > /tmp/1.txt'
  • Check whether the file /tmp/1.txt is created on the device (via any channel that lets you read the router's filesystem) or whether the command output is otherwise accessible; either indicates successful command injection.

What immediate steps should I take to mitigate this vulnerability?

Since the affected product Trendnet TEW-657BRM has been discontinued and unsupported since June 2011, no official patches or updates are available.

Immediate mitigation steps include removing the vulnerable device from the network or isolating it to prevent remote access.

If removal is not possible, restrict access to the device's management interface by limiting IP addresses that can connect and enforcing strong authentication.

Monitor network traffic for suspicious POST requests to /setup.cgi with unusual c4_IPAddr parameters.

Consider replacing the device with a supported and updated model to eliminate the risk.
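The monitoring step above and the detection test in the previous answer both come down to one question: is the c4_IPAddr sent to ping_test a bare IP address, or does it carry shell syntax? The script below is an added example, not code from this page, from VulDB or from Trendnet. It parses application/x-www-form-urlencoded POST bodies to /setup.cgi as a proxy, IDS or web log would capture them, URL-decodes them, and flags any ping_test request whose c4_IPAddr is not a valid IPv4/IPv6 address. The request samples are constructed for the demonstration; the source addresses and the assumption that only bare IP addresses are legitimate targets (the device might also accept hostnames, in which case the check should be widened) are assumptions, not facts from the page.

```python
"""Flag command-injection attempts in ping_test requests to /setup.cgi.

Added example for this CVE page; not the vendor's code and not the page's PoC.
Input: (source_ip, POST body) pairs as captured from traffic or logs.
"""
import ipaddress
import re
from urllib.parse import parse_qs

# Characters that can change the meaning of a shell command line.  None of
# them can appear in a legitimate IP address, so any hit is suspicious.
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\s]")


def classify_ping_test(body: str):
    """Classify one POST body to /setup.cgi.

    Returns (verdict, reason) where verdict is 'ignore' (not a ping_test
    request), 'benign' (target is a bare IP address) or 'suspicious'.
    """
    # parse_qs applies the URL-decoding the CGI would apply, so the check
    # sees the same bytes the shell would see.
    params = parse_qs(body, keep_blank_values=True)
    if params.get("action", [""])[0] != "ping_test":
        return ("ignore", "not a ping_test request")

    target = params.get("c4_IPAddr", [""])[0]

    # Allow-list check: the only thing a ping target field should hold.
    try:
        ipaddress.ip_address(target)
        return ("benign", f"valid IP address {target}")
    except ValueError:
        pass

    if SHELL_META.search(target):
        return ("suspicious", f"shell metacharacters in c4_IPAddr: {target!r}")
    return ("suspicious", f"c4_IPAddr is not an IP address: {target!r}")


# Constructed sample traffic (not real captures).  Second entry is the
# URL-encoded form of the page's PoC payload "; /bin/ls > /tmp/1.txt".
SAMPLE_REQUESTS = [
    ("10.0.0.5", "action=ping_test&c4_IPAddr=8.8.8.8"),
    ("10.0.0.9", "action=ping_test&c4_IPAddr=%3B+%2Fbin%2Fls+%3E+%2Ftmp%2F1.txt"),
    ("10.0.0.9", "action=ping_test&c4_IPAddr=8.8.8.8%60id%60"),
    ("10.0.0.7", "action=save&c4_IPAddr=whatever"),
]


def scan(requests):
    """Return [(source_ip, reason)] for every suspicious ping_test request."""
    hits = []
    for src, body in requests:
        verdict, reason = classify_ping_test(body)
        if verdict == "suspicious":
            hits.append((src, reason))
    return hits


if __name__ == "__main__":
    for src, reason in scan(SAMPLE_REQUESTS):
        print(f"ALERT {src}: {reason}")
```

The allow-list check in classify_ping_test (parse the field as an IP address, reject everything else) is also the server-side fix the CGI should have applied before building its ping command line; the same validation therefore serves both as a detection rule and as a description of what a patched firmware would do.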

