CVE-2026-33613

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...

PT-2026-30260

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...

EUVD-2026-18406

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdblist leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

EUVD-2026-18412

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpndrop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

EUVD-2026-18408

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

EUVD-2026-18362

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function addwpsclient of the file /setup.cgi. This manipulation of the argument wlenroleepin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and coul...

CVE-2026-5355

A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpndrop of the file /setup.cgi. The manipulation of the argument policyname leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

CVE-2026-5353

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

CVE-2026-5352

A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /setup.cgi. Such manipulation of the argument pcdblist leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used...

CVE-2026-5355

Summary: CVE-2026-5355 affects Trendnet TEW-657BRM 1.00.1. The issue is in the vpn_drop function within /setup.cgi where misusing the policy_name parameter enables OS command injection. This allows remote execution of commands. Documents indicate the exploit has been disclosed and may be used. Th...

CVE-2026-5354

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVE-2026-5354 Trendnet TEW-657BRM setup.cgi vpn_connect os command injection

A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpnconnect of the file /setup.cgi. Executing a manipulation of the argument policyname can lead to os command injection. The attack can be executed remotely. The exploit has been published and may ...

CVE-2026-5354

Trendnet TEW-657BRM 1.00.1 is affected by CVE-2026-5354 due to a flaw in the vpn_connect function in /setup.cgi where manipulating the policy_name argument enables remote os command injection. Exploitation is possible without user interaction and remote access, with the exploit published and pote...

CVE-2026-5353

A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function pingtest of the file /setup.cgi. Performing a manipulation of the argument c4IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The...

CVE-2026-5353

Trendnet TEW-657BRM version 1.00.1 contains a vulnerability in the ping_test function of /setup.cgi where manipulating the c4_IPAddr parameter leads to os command injection. Remote exploitation is possible; exploit code is public. The vendor notes the product is discontinued and out of support si...

CVE-2026-5351 Trendnet TEW-657BRM setup.cgi add_wps_client os command injection

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function addwpsclient of the file /setup.cgi. This manipulation of the argument wlenroleepin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and coul...

CVE-2026-5351 Trendnet TEW-657BRM setup.cgi add_wps_client os command injection

A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function addwpsclient of the file /setup.cgi. This manipulation of the argument wlenroleepin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and coul...

EUVD-2026-18342

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released updates to address a critical security flaw in the Integrated Management Controller IMC that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The vulnerability, tracked a...

CVE-2026-5339

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...