CVE-2026-5351
Published: 02 April 2026
Summary
CVE-2026-5351 is a medium-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-657Brm Firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prohibits use of unsupported EOL components like the Trendnet TEW-657BRM router, directly mitigating unpatchable OS command injection vulnerabilities.
Requires validation and sanitization of inputs like the wl_enrolee_pin argument in /setup.cgi to prevent OS command injection exploits.
Mandates identification and remediation of flaws like CVE-2026-5351, leading to patching, reconfiguration, or decommissioning of affected EOL systems.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection via authenticated web interface on router enables exploitation of public-facing application (T1190) and network device CLI command execution (T1059.008).
NVD Description
A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available…
more
to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5351 is an OS command injection vulnerability in the Trendnet TEW-657BRM router running firmware version 1.00.1. The issue resides in the add_wps_client function within the /setup.cgi script, where manipulation of the wl_enrolee_pin argument enables arbitrary command execution. This flaw is classified under CWE-77 (Command Line Execution Improper Neutralization) and CWE-78 (OS Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by attackers who possess low privileges, such as authenticated users with access to the web interface. Successful exploitation allows limited impacts, including low-level disclosure of confidential information, modification of data, and denial of service through command injection. A public exploit is available, increasing the risk for affected devices still in use.
Vendor advisories indicate no patches or support are available, as the TEW-657BRM product reached end-of-life on June 23, 2011—over 14 years ago. Trendnet has stated they cannot confirm the vulnerability due to lack of support but plans to post an announcement on their product support page and notify registered customers. This issue exclusively affects unsupported, discontinued products.
Notable context includes the public availability of an exploit, which could facilitate attacks on legacy networks still deploying these routers. No evidence of widespread real-world exploitation is reported in the provided details.
Details
- CWE(s)