Cyber Resilience

CVE-2026-5352

MediumPublic PoC

Published: 02 April 2026

Published
02 April 2026
Modified
07 April 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0412 89.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-5352 is a medium-severity Command Injection (CWE-77) vulnerability in Trendnet Tew-657Brm Firmware. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 10.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

A security vulnerability has been identified in the Trendnet TEW-657BRM router running firmware version 1.00.1. The issue resides in the Edit function of the /setup.cgi file, where improper handling of the pcdb_list argument enables OS command injection. The flaw is tracked under CWE-77 and CWE-78 and carries a CVSS 4.0 score of 5.3.

Remote attackers with low privileges can exploit the vulnerability over the network to execute arbitrary operating system commands, resulting in limited effects on confidentiality, integrity, and availability. Public exploit code has been released, and the attack requires no user interaction.

The vendor has stated that the TEW-657BRM reached end-of-life status in June 2011 and receives no further support or patches. No mitigation guidance beyond this acknowledgment is provided in the available references.

The associated EPSS score rose from a low baseline to a peak of 0.0106 before settling at 0.0033, indicating measurable post-disclosure exploitation interest in an unsupported device.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdb_list leads to os command injection. The attack may be launched remotely. The exploit has been…

more

disclosed publicly and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in web CGI (/setup.cgi) enables exploitation of public-facing application (T1190) and arbitrary Unix shell command execution (T1059.004) on the router's OS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5354Same product: Trendnet Tew-657Brm
CVE-2026-5355Same product: Trendnet Tew-657Brm
CVE-2026-5351Same product: Trendnet Tew-657Brm
CVE-2026-5353Same product: Trendnet Tew-657Brm
CVE-2026-5349Same product: Trendnet Tew-657Brm
CVE-2026-5350Same product: Trendnet Tew-657Brm
CVE-2026-7609Same vendor: Trendnet
CVE-2025-15471Same vendor: Trendnet
CVE-2025-15472Same vendor: Trendnet
CVE-2024-46484Same vendor: Trendnet

Affected Assets

trendnet
tew-657brm firmware
1.00.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires replacement, prohibition, or compensating controls for unsupported EOL products like the Trendnet TEW-657BRM with no patches available.

prevent

Mandates validation of inputs like the pcdb_list argument to prevent OS command injection in the /setup.cgi Edit function.

prevent

Requires identification, reporting, and correction of flaws such as this command injection vulnerability classified under CWE-77/78.

References