CVE-2026-5352
Published: 02 April 2026
Summary
CVE-2026-5352 is a medium-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-657Brm Firmware. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires replacement, prohibition, or compensating controls for unsupported EOL products like the Trendnet TEW-657BRM with no patches available.
Mandates validation of inputs like the pcdb_list argument to prevent OS command injection in the /setup.cgi Edit function.
Requires identification, reporting, and correction of flaws such as this command injection vulnerability classified under CWE-77/78.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in web CGI (/setup.cgi) enables exploitation of public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004) on the router's OS.
NVD Description
A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been…
more
disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Deeper analysisAI
CVE-2026-5352 is an OS command injection vulnerability in Trendnet TEW-657BRM version 1.00.1, affecting the Edit function within the /setup.cgi file. The flaw arises from improper handling of the pcdb_list argument, allowing malicious input to execute arbitrary operating system commands. It is classified under CWE-77 (Command Injection) and CWE-78 (OS Command Injection), with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability can be exploited remotely by an attacker with low privileges, such as a user authenticated to the device. Exploitation requires network access and low attack complexity but no user interaction. Successful injection enables limited impacts on confidentiality, integrity, and availability, potentially allowing command execution within the context of the web server process.
Vendor advisories indicate no patches or support are available, as the TEW-657BRM product reached end-of-life on June 23, 2011, over 14 years ago. Trendnet states it cannot confirm the vulnerability due to lack of support but plans to announce details on its product support page and notify registered customers. The issue exclusively affects unsupported devices.
An exploit has been publicly disclosed, as documented in references including a GitHub proof-of-concept and VulDB entries. No evidence of active real-world exploitation is noted beyond this disclosure.
Details
- CWE(s)