CVE-2026-5352 is a medium severity OS command injection vulnerability affecting the Trendnet TEW-657BRM router firmware version 1.00.1. The vulnerability resides in the /setup.cgi script's Edit function, specifically in the handling of the pcdb_list parameter. By manipulating this argument, an attacker can inject arbitrary operating system commands, which the device executes with the privileges of the web server process. The attack vector is remote network access, requiring no user interaction and low attack complexity, but it does require low-level privileges (likely authenticated or network access to the device's management interface). The vendor has confirmed the product was discontinued and reached end-of-life in June 2011, meaning no patches or official support are available. The vulnerability was publicly disclosed in April 2026, with no known exploits seen in the wild yet. The CVSS 4.0 vector indicates partial impact on confidentiality, integrity, and availability, with no scope change or user interaction needed. This vulnerability could allow attackers to execute arbitrary commands, potentially leading to full device compromise, unauthorized network access, or use as a pivot point for further attacks. Given the device's age and lack of vendor support, mitigation options are limited to device replacement or network-level protections.

The impact of CVE-2026-5352 is significant for organizations still operating the Trendnet TEW-657BRM router, especially in legacy or isolated environments. Successful exploitation allows remote attackers to execute arbitrary OS commands, potentially leading to full compromise of the device. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, and use of the device as a foothold for lateral movement or launching further attacks. The vulnerability affects confidentiality, integrity, and availability to a partial extent. Since the device is discontinued and unsupported, organizations cannot rely on vendor patches, increasing long-term risk. The exploitability without user interaction and low attack complexity further raises the threat level. However, the limited market presence and age of the device reduce the overall global impact. Still, critical infrastructure or sensitive environments using this device may face elevated risk of disruption or data breach.

Given the lack of vendor support and patches, the primary mitigation is to replace the Trendnet TEW-657BRM router with a modern, supported device that receives regular security updates. If immediate replacement is not feasible, organizations should isolate the device from untrusted networks by placing it behind firewalls or network segmentation to restrict remote management access. Disable remote management interfaces or restrict access to trusted IP addresses only. Monitor network traffic for unusual activity indicative of exploitation attempts targeting the /setup.cgi endpoint. Employ intrusion detection/prevention systems with signatures for command injection attempts. Regularly audit network devices for outdated firmware and maintain an inventory to identify unsupported hardware. Educate network administrators about the risks of legacy devices and enforce policies to phase out end-of-life equipment promptly.