Trendnet TEW-657BRM Command Injection Vulnerability in the VPN Connect Function

Vulnerability

A command injection vulnerability has been identified in the Trendnet TEW-657BRM router, specifically in version 1.00.1. The issue arises in the VPN connect function within the setup.cgi file, where the policy_name parameter is improperly sanitized before being passed to the system command execution function. This flaw allows remote attackers to inject and execute arbitrary commands at the operating system level. The vulnerability is particularly concerning because the product has been discontinued and unsupported since 2011, leaving users without any official guidance or patches.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the device's operating system, potentially leading to unauthorized access or control over the device.

Reproduction

To reproduce this vulnerability, send a POST request to the /setup.cgi endpoint with the policy_name parameter. Include a crafted value that exploits the command injection flaw, such as a command followed by a redirection operator to capture the output.
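As an added defensive example (not part of the advisory), a small log-side check that flags POST requests to /setup.cgi whose policy_name value contains shell metacharacters; the tab-separated log format and all sample records are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Shell metacharacters that a legitimate VPN policy name never needs.
# If any appears in policy_name, the request deserves a closer look.
SHELL_META = re.compile(r"[;&|`$<>(){}\n]")


def suspicious_policy_name(method: str, path: str, body: str) -> bool:
    """Return True when a POST to /setup.cgi carries a policy_name value
    containing shell metacharacters (the injection point described above)."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/setup.cgi":
        return False
    params = parse_qs(body, keep_blank_values=True)
    for value in params.get("policy_name", []):
        # parse_qs already percent-decodes once; decode again so a
        # double-encoded value does not slip past the check unnoticed.
        if SHELL_META.search(unquote(value)):
            return True
    return False


def scan_log(lines):
    """Yield matching records. Each record is 'METHOD<TAB>PATH<TAB>BODY'
    (an assumed, simplified access-log format, not a real router log)."""
    for line in lines:
        method, path, body = line.rstrip("\n").split("\t", 2)
        if suspicious_policy_name(method, path, body):
            yield line


# Constructed sample records, not captured traffic.
SAMPLE_LOG = [
    "POST\t/setup.cgi\tpolicy_name=office_vpn",
    "POST\t/setup.cgi\tpolicy_name=office%3Becho+probe+%3E+%2Ftmp%2Fx",
    "GET\t/status.cgi\t",
    "POST\t/setup.cgi\tpolicy_name=office%2524%2528id%2529",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious:", hit)
```

The second and fourth sample records are flagged; the fourth only because the value is decoded a second time, which is the case a single-pass filter misses.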

Added: Apr 2, 2026, 5:36 PM
Updated: Apr 2, 2026, 5:36 PM

Vulnerability Rating

Custom Algorithm

  metric          score
  spread          0.0
  impact          7.5
  exploitability  8.7
  remediation     0.0
  relevance       5.1
  threat          6.4
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.