Tew 657brm Firmware
by Trendnet
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5350 | Hig | 0.57 | 8.8 | 0.01 | Apr 2, 2026 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has… | ||
| CVE-2026-5349 | Hig | 0.57 | 8.8 | 0.01 | Apr 2, 2026 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly… | ||
| CVE-2026-5355 | Med | 0.41 | 6.3 | 0.05 | Apr 2, 2026 | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has… | ||
| CVE-2026-5354 | Med | 0.41 | 6.3 | 0.05 | Apr 2, 2026 | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has… | ||
| CVE-2026-5353 | Med | 0.41 | 6.3 | 0.05 | Apr 2, 2026 | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public… | ||
| CVE-2026-5352 | Med | 0.41 | 6.3 | 0.04 | Apr 2, 2026 | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed… | ||
| CVE-2026-5351 | Med | 0.41 | 6.3 | 0.04 | Apr 2, 2026 | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available… | ||
| CVE-2025-65202 | 0.00 | — | 0.07 | Nov 26, 2025 | TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges. |
- risk 0.57cvss 8.8epss 0.01
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly…
- risk 0.41cvss 6.3epss 0.05
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.05
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.05
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public…
- risk 0.41cvss 6.3epss 0.04
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been disclosed…
- risk 0.41cvss 6.3epss 0.04
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available…
- CVE-2025-65202Nov 26, 2025risk 0.00cvss —epss 0.07
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.