CVE-2026-5354
Received Received - Intake
OS Command Injection in Trendnet TEW-657BRM VPN Connect Function

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5354
EUVD
EUVD-2026-18410
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-657brm_firmware 1.00.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-5354 vulnerability affects the Trendnet TEW-657BRM router, version 1.00.1. It is a remote OS command injection vulnerability located in the setup.cgi script, specifically within the vpn_connect function.

The vulnerability arises because the vpn_connect function retrieves the user-supplied parameter "policy_name" from an HTTP request and passes it directly to the SYSTEM function without any input validation or sanitization.

This allows an attacker to inject arbitrary OS commands remotely by manipulating the "policy_name" parameter.

The exploit requires authentication (Basic Auth with admin credentials) and has been publicly disclosed, increasing the risk of active exploitation.

Impact Analysis

This vulnerability allows a remote attacker with admin credentials to execute arbitrary operating system commands on the affected device.

Successful exploitation could lead to unauthorized control over the router, potentially compromising network security, disrupting network services, or enabling further attacks within the network.

However, the affected product has been discontinued and end-of-life since June 23, 2011, and no support or patches are available.

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /setup.cgi endpoint targeting the vpn_connect function with a manipulated "policy_name" parameter that includes shell commands.

For example, a test command could be sending a POST request with the parameter: policy_name=; /bin/ls>/3.txt& to check if arbitrary commands are executed on the device.

Note that the exploit requires authentication using Basic Auth with admin credentials.

Mitigation Strategies

Since the affected product, Trendnet TEW-657BRM version 1.00.1, has been discontinued and end-of-life since June 23, 2011, no official patches or support are available.

Immediate mitigation steps include removing or isolating the vulnerable device from the network to prevent remote exploitation.

Additionally, restrict access to the device's management interface, especially blocking remote access and enforcing strong authentication controls.

Consider replacing the device with a supported and updated model to ensure ongoing security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5354. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart