Trendnet TEW-657BRM OS Command Injection Vulnerability

Vulnerability

An OS command injection vulnerability has been identified in the Trendnet TEW-657BRM router, specifically in version 1.00.1. The issue arises in the 'vpn_drop' function within the 'setup.cgi' file, where the 'policy_name' parameter is accepted without proper validation. This flaw allows remote attackers to inject and execute arbitrary commands on the device.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/setup.cgi' with the 'policy_name' parameter. Include a command injection payload, such as a command followed by a redirection (e.g., listing directory contents and saving the output to a file). The request must be authorized with basic authentication using admin credentials.
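As an added defender-side example (not code from the original advisory or from the vendor's firmware), the following Python shows the kind of allow-list validation that would reject an injected 'policy_name' value before it reaches a shell, and reuses the same check as a detection pass over request records for '/setup.cgi'. The allowed character set, the length limit, the request tuple format and the sample requests are all assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs

# Allow-list for a VPN policy name: letters, digits, underscore, hyphen, 1-32 chars.
# The character set and length limit are assumptions for this example, not the vendor's rules.
POLICY_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")

# Characters a shell would interpret if the value reached a command line unescaped.
SHELL_METACHARS = set(";|&`$<>()\n\r")


def is_valid_policy_name(value: str) -> bool:
    """Return True only if the value matches the strict allow-list.

    Rejecting anything outside the allow-list (rather than stripping or escaping
    individual characters) is the fix that removes the injection surface entirely.
    """
    return POLICY_NAME_RE.fullmatch(value) is not None


def has_shell_metachars(value: str) -> bool:
    """True if the value contains characters a shell would treat specially."""
    return any(ch in SHELL_METACHARS for ch in value)


def flag_suspicious_policy_names(requests):
    """Detection pass over (source_ip, path, urlencoded_body) tuples.

    Returns one finding per 'policy_name' value sent to /setup.cgi that fails the
    allow-list, noting whether it carries shell metacharacters. The tuple format
    is an assumption; adapt it to whatever the proxy or router log actually provides.
    """
    findings = []
    for src, path, body in requests:
        if path != "/setup.cgi":
            continue
        params = parse_qs(body, keep_blank_values=True)
        for name in params.get("policy_name", []):
            if not is_valid_policy_name(name):
                findings.append({
                    "src": src,
                    "policy_name": name,
                    "shell_metachars": has_shell_metachars(name),
                })
    return findings


# Constructed sample requests (not real traffic). The second body decodes to a
# value with a command separator and a redirection, the pattern the advisory describes.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "/setup.cgi", "policy_name=office_vpn"),
    ("192.0.2.11", "/setup.cgi", "policy_name=office%3Bls+%3E+%2Ftmp%2Fout"),
    ("192.0.2.12", "/index.html", "policy_name=ignored"),
]


if __name__ == "__main__":
    for finding in flag_suspicious_policy_names(SAMPLE_REQUESTS):
        print(finding)
```

The detection pass flags the request regardless of whether it carried valid admin credentials, which matters here because the advisory notes the injection requires an authenticated request: a hit from an authenticated session points at credential compromise rather than a failed probe.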

Added: May 3, 2026, 11:20 AM
Updated: May 3, 2026, 11:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.