
CVE-2026-5353

Medium
CWE-77 — Weakness Type
Published: Apr 2, 2026  ·  Modified: Apr 5, 2026  ·  Source: NVD
CVSS v3: 6.3
📄 Description (English)

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

CVE-2026-5353 is a command injection vulnerability in the discontinued Trendnet TEW-657BRM router (end-of-life since 2011) affecting the ping_test function in /setup.cgi. The vulnerability allows remote attackers to execute arbitrary OS commands via manipulation of the c4_IPAddr parameter. While the CVSS score is 6.3 (medium), the practical risk is significantly reduced due to the product's 14+ year obsolescence and lack of vendor support.


🤖 AI Intelligence Analysis Analyzed: May 18, 2026 15:16
🇸🇦 Saudi Arabia Impact Assessment
Impact on Saudi organizations is minimal given the product's 14-year obsolescence. However, legacy network infrastructure in some government agencies, smaller enterprises, and remote branch offices may still operate discontinued Trendnet equipment. Most at-risk sectors: Small/Medium Enterprises (SMEs), Government agencies with legacy IT infrastructure, Educational institutions with aging network equipment. Banking and critical infrastructure (ARAMCO, STC) are unlikely to be affected due to modern equipment requirements. Organizations using this router would face complete compromise of network perimeter security if exploited.
🏢 Affected Saudi Sectors
Small and Medium Enterprises (SMEs)
Government Agencies (legacy infrastructure)
Educational Institutions
Healthcare (if using legacy network equipment)
Telecommunications (legacy branch offices)
⚖️ Saudi Risk Score (AI)
3.2 / 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Conduct network inventory to identify any remaining Trendnet TEW-657BRM devices in use
2. If identified, immediately isolate affected devices from production networks
3. Replace with modern, vendor-supported router models (minimum 5-year support commitment)
4. No patch is available from vendor; device is end-of-life

Compensating Controls:
1. Implement network segmentation to isolate legacy devices if replacement is not immediately possible
2. Restrict administrative access to the router's web interface (block /setup.cgi access from untrusted networks)
3. Deploy WAF/IPS rules to detect and block command injection attempts targeting ping_test function
4. Monitor for suspicious ping_test requests with unusual c4_IPAddr parameters containing shell metacharacters (|, ;, &, $, `, etc.)
5. Implement strict firewall rules limiting access to router management interfaces
6. Disable remote management features if not absolutely required

Detection Rules:
1. Alert on HTTP requests to /setup.cgi containing ping_test function calls
2. Monitor for c4_IPAddr parameters containing command injection payloads (shell metacharacters)
3. Log all administrative access attempts to the router
4. Monitor for unusual process execution originating from router IP addresses
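
Detection rules 1 and 2 can be implemented as an allow-list check rather than a metacharacter blacklist. The following is an added example, not code from this page or from the vendor. It assumes a reverse proxy or IPS in front of the router writes one line per request in the constructed format shown in the docstring; the log format, function names and sample lines are hypothetical.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Shell metacharacters, used only to annotate a finding; the decision is the allow-list.
SHELL_META = set("|;&$`<>(){}\\\n\r'\"")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_valid_ping_target(value):
    """A ping target must be an IP literal or a plain DNS hostname, nothing else."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and HOSTNAME_RE.fullmatch(value) is not None

def inspect_line(line):
    """Return a finding for a bad c4_IPAddr sent to /setup.cgi, else None.
    Assumed log format: "<time> <client> <method> <url> <urlencoded-body or ->"."""
    parts = line.split(None, 4)
    if len(parts) < 4:
        return None
    ts, client, _method, url = parts[:4]
    target = urlsplit(url)
    if target.path != "/setup.cgi":
        return None
    params = parse_qsl(target.query, keep_blank_values=True)
    if len(parts) == 5 and parts[4].strip() != "-":
        params += parse_qsl(parts[4].strip(), keep_blank_values=True)
    for name, value in params:  # parse_qsl has already percent-decoded once
        if name == "c4_IPAddr" and not is_valid_ping_target(value):
            return {"time": ts, "client": client, "value": value,
                    "metachars": sorted(SHELL_META.intersection(value))}
    return None

def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the findings."""
    return [f for f in map(inspect_line, lines) if f]

SAMPLE_LOG = [  # constructed lines, not captured traffic
    "2026-04-06T10:00:01Z 10.0.0.5 POST /setup.cgi c4_IPAddr=192.0.2.10",
    "2026-04-06T10:00:07Z 10.0.0.9 POST /setup.cgi c4_IPAddr=192.0.2.10%3BEXAMPLE",
    "2026-04-06T10:00:09Z 10.0.0.9 GET /setup.cgi?c4_IPAddr=host.example%60x%60 -",
    "2026-04-06T10:00:12Z 10.0.0.5 GET /index.htm -",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the check accepts only IP literals and hostnames, values that are double-encoded or use characters outside the metacharacter list are still flagged.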
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.8.1 - Asset Management (inventory and management of network devices)
A.8.2 - Information Classification (protection of network infrastructure)
A.13.1 - Network Security (network perimeter protection)
A.14.2 - System Development and Maintenance (secure configuration management)
🔵 SAMA CSF
ID.AM-1 - Physical devices and software assets are inventoried
PR.AC-1 - Identities and credentials are issued, managed, verified, revoked, and audited
PR.DS-2 - Data in transit is protected
DE.CM-1 - The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
A.5.9 - Access control (management of administrative access)
A.8.1 - Asset management (inventory of IT assets)
A.8.2 - Information classification (protection of network infrastructure)
A.13.1 - Network security (network perimeter controls)
A.14.2 - System development and maintenance (secure configuration)
🟣 PCI DSS v4.0.1
Requirement 1.1 - Firewall configuration standards (network segmentation)
Requirement 2.1 - Default security parameters (change default credentials)
Requirement 6.2 - Security patches (though no patch available for EOL product)
📊 CVSS Score
6.3 / 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: N (Network)
Attack Complexity: L (Low)
Privileges Required: L (Low)
User Interaction: N (None)
Scope: U (Unchanged)
Confidentiality: L (Low)
Integrity: L (Low)
Availability: L (Low)
📋 Quick Facts
Severity Medium
CVSS Score 6.3
CWE CWE-77
EPSS 0.30%
Exploit No
Patch ✗ No
Published 2026-04-02
Source Feed nvd
🇸🇦 Saudi Risk Score
3.2 / 10.0 — Saudi Risk
Priority: LOW