CVE-2026-5354 identifies an OS command injection vulnerability in the Trendnet TEW-657BRM router, specifically in the vpn_connect function within the /setup.cgi script. The vulnerability arises from insufficient input validation of the policy_name parameter, which an attacker can manipulate to inject and execute arbitrary operating system commands remotely. This flaw allows an unauthenticated attacker to potentially compromise the device, leading to unauthorized command execution. The affected firmware version is 1.00.1. The vendor has confirmed that the product has been discontinued since June 23, 2011, and no longer receives security updates or support. Although an exploit has been published, there are no confirmed reports of active exploitation in the wild. The CVSS 4.0 base score is 5.3 (medium), reflecting network attack vector, no user interaction, low attack complexity, and limited scope and impact on confidentiality, integrity, and availability. The vulnerability poses a risk mainly to legacy deployments still using this outdated router model, as modern devices are unaffected. Due to the lack of vendor patches, mitigation options are limited to operational controls or device replacement.

If exploited, this vulnerability could allow remote attackers to execute arbitrary OS commands on the affected Trendnet TEW-657BRM device, potentially leading to full device compromise. This could result in unauthorized access to network traffic, disruption of VPN connectivity, or use of the device as a foothold for further network attacks. Given the device's discontinued status and age, the impact is primarily on legacy environments where these routers remain in use. Organizations relying on these devices may face increased risk of network intrusion, data interception, or denial of service. However, the limited market presence and lack of vendor support reduce the likelihood of widespread impact. Still, critical infrastructure or sensitive networks using these devices without mitigation could experience significant operational and security consequences.

Since no patches or vendor support are available for this discontinued product, organizations should prioritize replacing the Trendnet TEW-657BRM routers with modern, supported devices that receive regular security updates. In the interim, network segmentation should be implemented to isolate these legacy devices from critical network segments and limit exposure to untrusted networks. Access controls such as firewall rules should restrict inbound traffic to the device, especially blocking access to the /setup.cgi interface from untrusted sources. Monitoring network traffic for suspicious activity targeting the vpn_connect function or unusual command execution attempts can help detect exploitation attempts. Disabling VPN functionality on these devices, if feasible, can reduce the attack surface. Finally, organizations should conduct asset inventories to identify any remaining vulnerable devices and plan for their timely decommissioning.