TRENDnet TEW-657BRM Command Injection Vulnerability in WPS Client Setup Function

Vulnerability

A command injection vulnerability has been identified in the TRENDnet TEW-657BRM router, specifically in firmware version 1.00.1. The issue lies in the 'add_wps_client' function of '/setup.cgi', which handles the WPS enrollee PIN submitted in the 'wl_enrolee_pin' parameter. The value of that parameter is passed into an operating system command without being validated against the expected PIN format, so a request whose 'wl_enrolee_pin' value contains shell metacharacters causes the injected command to be executed on the device. The router model has been discontinued and is no longer supported by the vendor, so no firmware fix is expected; owners should treat the device as unpatchable and either replace it or keep its management interface unreachable from untrusted networks.

Impact

Exploitation of this vulnerability allows for arbitrary operating system command execution on the affected device.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/setup.cgi' that invokes the 'add_wps_client' function with a 'wl_enrolee_pin' value carrying an injected command. The injected command is executed on the router's operating system. The entry does not state whether an authenticated session is required to reach this handler.
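The root cause described above is a WPS PIN that reaches an OS command without format validation. The following Python is an added illustration, not code from the entry or from the device firmware: it contrasts the vulnerable pattern (parameter interpolated into a shell string) with a hardened handler that enforces the WPS PIN format (4 or 8 digits, with the 8-digit checksum defined by the WPS specification) and passes the value as a separate argv element. The request bodies are constructed samples, the 'todo=add_wps_client' selector and the 'wps_enrollee_pin' command name are hypothetical, and nothing is actually executed.

```python
import re
from urllib.parse import parse_qs

# Constructed sample POST bodies (not captured from a real device).
# The 'todo=add_wps_client' selector is a hypothetical way of reaching the
# handler; the entry only names the function and the parameter.
BENIGN_BODY = "todo=add_wps_client&wl_enrolee_pin=12345670"
INJECTED_BODY = "todo=add_wps_client&wl_enrolee_pin=12345670%3Breboot"

# Hypothetical name for the helper the CGI hands the PIN to.
WPS_CMD = "wps_enrollee_pin"

PIN_RE = re.compile(r"\d{4}|\d{8}")


def get_pin(body: str) -> str:
    """Extract wl_enrolee_pin from a URL-encoded POST body (empty if absent)."""
    return parse_qs(body).get("wl_enrolee_pin", [""])[0]


def wps_pin_checksum_ok(pin: str) -> bool:
    """WPS 8-digit PIN: digit 8 is a checksum over digits 1-7.

    accum = 3*(d1+d3+d5+d7) + (d2+d4+d6); d8 must equal (10 - accum % 10) % 10.
    """
    if len(pin) != 8 or not pin.isdigit():
        return False
    accum = 0
    for i, ch in enumerate(pin[:7]):
        d = int(ch)
        accum += 3 * d if i % 2 == 0 else d
    return (10 - accum % 10) % 10 == int(pin[7])


def validate_enrollee_pin(value: str) -> bool:
    """Allow-list check: only 4- or 8-digit PINs; 8-digit PINs must pass checksum."""
    if not PIN_RE.fullmatch(value):
        return False
    if len(value) == 8 and not wps_pin_checksum_ok(value):
        return False
    return True


def vulnerable_command(body: str) -> str:
    """The reported pattern: untrusted parameter interpolated into a shell string.

    Anything after ';' in the PIN becomes a second command when this string is
    handed to system()/popen().  Returned, never executed, for demonstration.
    """
    return f"{WPS_CMD} {get_pin(body)}"


def hardened_command(body: str):
    """Validate first, then build an argv list so no shell ever parses the PIN.

    Returns the argv list, or None when the request must be rejected.
    """
    pin = get_pin(body)
    if not validate_enrollee_pin(pin):
        return None
    return [WPS_CMD, pin]


def flag_request(body: str) -> str:
    """Detection helper for request logs: explain why a body looks malicious."""
    pin = get_pin(body)
    if validate_enrollee_pin(pin):
        return "ok"
    if re.search(r"[;&|`$()<>\n]", pin):
        return "shell metacharacters in wl_enrolee_pin"
    return "wl_enrolee_pin is not a WPS PIN"


if __name__ == "__main__":
    for body in (BENIGN_BODY, INJECTED_BODY):
        print(body)
        print("  vulnerable:", vulnerable_command(body))
        print("  hardened:  ", hardened_command(body))
        print("  verdict:   ", flag_request(body))
```

The vulnerable string for the injected body contains a second command after the ';', which is exactly what a shell-based invocation would run; the hardened path rejects the same body before any command is built, and the detection helper gives a reason string that can be attached to a proxy or IDS alert.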

Added: Apr 2, 2026, 4:55 PM
Updated: Apr 2, 2026, 4:55 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.