Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-65202

TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.

Published

2025-11-26T21:15:46.533

Last Modified

2025-12-05T13:34:32.730

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	trendnet	tew-657brm_firmware	1.00.1	Yes
Hardware	trendnet	tew-657brm	-	No

References

https://github.com/WhereisRain/TEW-657BRM Exploit, Third Party Advisory ([email protected])