Vulnerability-Lookup

CNVD-2026-17902

Vulnerability from cnvd - Published: 2026-04-21

Title

TRENDnet TEW-657BRM vpn_drop函数操作系统命令注入漏洞

Description

TRENDnet TEW-657BRM是美国趋势网络（TRENDnet）公司的一个WiFi路由器。 TRENDnet TEW-657BRM vpn_drop函数存在操作系统命令注入漏洞，该漏洞源于对文件/setup.cgi中vpn_drop函数参数policy_name的错误操作，攻击者可利用该漏洞导致os命令注入。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_drop.md

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-5355

Impacted products

Name
TRENDnet TEW-657BRM v1.00.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-5355",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-5355"
    }
  },
  "description": "TRENDnet TEW-657BRM\u662f\u7f8e\u56fd\u8d8b\u52bf\u7f51\u7edc\uff08TRENDnet\uff09\u516c\u53f8\u7684\u4e00\u4e2aWiFi\u8def\u7531\u5668\u3002\n\nTRENDnet TEW-657BRM vpn_drop\u51fd\u6570\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u6587\u4ef6/setup.cgi\u4e2dvpn_drop\u51fd\u6570\u53c2\u6570policy_name\u7684\u9519\u8bef\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4os\u547d\u4ee4\u6ce8\u5165\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_drop.md",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-17902",
  "openTime": "2026-04-21",
  "products": {
    "product": "TRENDnet TEW-657BRM v1.00.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-5355",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-10",
  "title": "TRENDnet TEW-657BRM vpn_drop\u51fd\u6570\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2026-5355 (GCVE-0-2026-5355)

Vulnerability from cvelistv5 – Published: 2026-04-02 16:45 – Updated: 2026-04-02 18:59 Unsupported When Assigned

Title

Trendnet TEW-657BRM setup.cgi vpn_drop os command injection

Summary

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Severity

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - OS Command Injection
CWE-77 - Command Injection

Assigner

VulDB

References

4 references

URL	Tags
https://vuldb.com/vuln/354708	vdb-entrytechnical-description
https://vuldb.com/vuln/354708/cti	signaturepermissions-required
https://vuldb.com/submit/781569	third-party-advisory
https://github.com/panda666-888/vuls/blob/main/tr…	exploit

Impacted products

1 product

Vendor	Product	Version
Trendnet	TEW-657BRM	Affected: 1.00.1 cpe:2.3:o:trendnet:tew-657brm_firmware::::::::

Credits

panda_0x1 (VulDB User) VulDB CNA Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5355",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T18:58:17.462387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T18:59:51.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*"
          ],
          "product": "TEW-657BRM",
          "vendor": "Trendnet",
          "versions": [
            {
              "status": "affected",
              "version": "1.00.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "panda_0x1 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that \"[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website\u0027s product support page and notify customers who registered their products with us.\" This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T16:45:17.025Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-354708 | Trendnet TEW-657BRM setup.cgi vpn_drop os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/354708"
        },
        {
          "name": "VDB-354708 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/354708/cti"
        },
        {
          "name": "Submit #781569 | TRENDnet TEW-657BRM 1.00.1 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/781569"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_drop.md"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-01T18:52:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Trendnet TEW-657BRM setup.cgi vpn_drop os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5355",
    "datePublished": "2026-04-02T16:45:17.025Z",
    "dateReserved": "2026-04-01T16:47:21.513Z",
    "dateUpdated": "2026-04-02T18:59:51.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-17902

CVE-2026-5355 (GCVE-0-2026-5355)

Tags

Sightings

Nomenclature