CVE-2026-5351: OS Command Injection in Trendnet TEW-657BRM
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
This vulnerability affects the Trendnet TEW-657BRM router firmware version 1.00.1. It is caused by improper input validation in the add_wps_client function within /setup.cgi, specifically the wl_enrolee_pin parameter, which leads to OS command injection. An attacker can remotely exploit this flaw to execute arbitrary commands on the device. The vendor has confirmed the product is discontinued since 2011 and does not provide support or patches for this vulnerability. Public exploit code exists, but there are no confirmed active attacks. The CVSS 4.0 base score is 5.3, indicating medium severity.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to unauthorized control or disruption of the device. However, the impact is limited by the fact that the affected product is discontinued and no longer supported by the vendor. There are no reports of active exploitation in the wild.
Mitigation Recommendations
No official patch or fix is available as the product is discontinued and end-of-life since 2011. Users are advised to replace the affected device with a supported model to mitigate the risk. The vendor has stated they will notify registered customers via their product support page but cannot provide a remediation. Patch status is not yet confirmed due to lack of vendor support; check the vendor website for any updates.
CVE-2026-5351: OS Command Injection in Trendnet TEW-657BRM
Description
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Trendnet TEW-657BRM router firmware version 1.00.1. It is caused by improper input validation in the add_wps_client function within /setup.cgi, specifically the wl_enrolee_pin parameter, which leads to OS command injection. An attacker can remotely exploit this flaw to execute arbitrary commands on the device. The vendor has confirmed the product is discontinued since 2011 and does not provide support or patches for this vulnerability. Public exploit code exists, but there are no confirmed active attacks. The CVSS 4.0 base score is 5.3, indicating medium severity.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to unauthorized control or disruption of the device. However, the impact is limited by the fact that the affected product is discontinued and no longer supported by the vendor. There are no reports of active exploitation in the wild.
Mitigation Recommendations
No official patch or fix is available as the product is discontinued and end-of-life since 2011. Users are advised to replace the affected device with a supported model to mitigate the risk. The vendor has stated they will notify registered customers via their product support page but cannot provide a remediation. Patch status is not yet confirmed due to lack of vendor support; check the vendor website for any updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-01T16:47:08.739Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ce9471e6bfc5ba1de9346c
Added to database: 4/2/2026, 4:08:17 PM
Last enriched: 4/9/2026, 10:40:40 PM
Last updated: 5/20/2026, 9:38:30 PM
Views: 64
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.