CVE-2026-5355
Received Received - Intake
OS Command Injection in Trendnet TEW-657BRM vpn_drop Function

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5355
EUVD
EUVD-2026-18412
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-657brm_firmware 1.00.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5355 is a remote OS command injection vulnerability in the Trendnet TEW-657BRM router, version 1.00.1. It exists in the vpn_drop function of the setup.cgi script. The vulnerability occurs because the vpn_drop function takes a user-supplied parameter called policy_name from HTTP requests and passes it directly to a command execution function without any input validation or sanitization.

This allows an attacker to remotely inject and execute arbitrary operating system commands on the affected device by manipulating the policy_name parameter. A proof-of-concept exploit demonstrates that sending a specially crafted POST request with shell commands embedded in the policy_name parameter causes the router to execute those commands.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary commands on the affected router without authorization. This could lead to unauthorized control over the device, potentially allowing the attacker to manipulate network traffic, disrupt network services, steal sensitive information, or use the device as a foothold for further attacks within the network.

Since the exploit details have been publicly disclosed, the risk of active exploitation is increased, especially because the affected product is no longer supported or patched by the vendor.

Detection Guidance

This vulnerability can be detected by checking if the Trendnet TEW-657BRM router, version 1.00.1, is vulnerable to remote OS command injection via the vpn_drop function in /setup.cgi.

A practical detection method involves sending a crafted POST request to the /setup.cgi endpoint with the policy_name parameter containing shell commands to test if they get executed.

  • Example command to test exploitation: curl -X POST http://<router-ip>/setup.cgi -d "policy_name=; /bin/ls>/4.txt&"

If the command is executed, it will create a file named '4.txt' on the device, indicating the vulnerability is present.

Mitigation Strategies

Since the affected product has been discontinued and is no longer supported since June 23, 2011, no official patches or updates are available.

Immediate mitigation steps include removing the vulnerable device from the network or isolating it to prevent remote access.

Alternatively, replace the device with a supported and updated router model to eliminate the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5355. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart