PT-2025-48189 · Trendnet · Trendnet Tew-657Brm
Published
2025-11-26
·
Updated
2025-12-05
·
CVE-2025-65202
CVSS v3.1
8.0
High
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TRENDnet TEW-657BRM version 1.00.1
Description
The TRENDnet TEW-657BRM device version 1.00.1 contains an authenticated remote OS command injection issue in the
setup.cgi binary. An attacker can exploit this by manipulating the HTTP parameters command, todo, and next file to execute arbitrary commands with root privileges. The affected device is vulnerable to remote code execution.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trendnet Tew-657Brm