CVE-2026-5349
Remote Stack-Based Buffer Overflow in Trendnet TEW-657BRM Setup.cgi
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-657brm_firmware | 1.00.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-5349 vulnerability affects the Trendnet TEW-657BRM router, version 1.00.1. It is a stack-based buffer overflow vulnerability located in the setup.cgi script, specifically within the add_apcdb function.
The vulnerability occurs because the add_apcdb function takes the mac_pc_dba parameter from user input and passes it directly to the strcpy function without checking the length. This lack of validation allows an attacker to supply an excessively long mac_pc_dba argument, which strcpy copies past the end of the destination buffer on the stack.
The attack can be initiated remotely via a crafted HTTP POST request to /setup.cgi, and a proof-of-concept exploit has been publicly disclosed.
How can this vulnerability impact me?
This vulnerability can lead to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on the affected device remotely.
Successful exploitation could compromise the router, potentially allowing attackers to take control of the device, disrupt network operations, or use the device as a foothold for further attacks within the network.
Since the product has been discontinued and is no longer supported, no patches or fixes are available, increasing the risk for users who continue to operate this device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the /setup.cgi endpoint, specifically those containing the mac_pc_dba parameter with unusually long or malformed values that could trigger a stack-based buffer overflow.
A practical detection method is to capture and analyze network traffic for such crafted requests targeting the add_apcdb function.
For example, using command-line tools like curl to simulate or detect the exploit attempt:
- curl -X POST http://[router_ip]/setup.cgi -d "action=add_apcdb&mac_pc_dba=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
Additionally, network intrusion detection systems (NIDS) can be configured to alert on HTTP POST requests to /setup.cgi containing the mac_pc_dba parameter with suspiciously long input.
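The check described above, as an added example that is not part of the original page: a Python function that inspects a captured HTTP request and flags POSTs to /setup.cgi whose mac_pc_dba value is longer than, or not shaped like, a MAC address. The MAC format and the 17-character limit are assumptions (the page states neither the expected format nor the buffer size), and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: mac_pc_dba is meant to carry a MAC address. The page does not
# state the expected format or the size of the stack buffer in add_apcdb.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-]?[0-9A-Fa-f]{2}){5}")
MAX_LEN = 17  # longest textual MAC form, e.g. 00:11:22:33:44:55


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means no alert.

    Handles application/x-www-form-urlencoded bodies only.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return []
    # Case-folded so a trivial case change in the path does not skip the check.
    if urlsplit(parts[1]).path.lower() != "/setup.cgi":
        return []
    # parse_qs percent-decodes, so the length is measured on the value the
    # CGI would see, not on its encoded form.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    findings = []
    for value in fields.get("mac_pc_dba", []):
        if len(value) > MAX_LEN:
            findings.append(f"mac_pc_dba length {len(value)} exceeds {MAX_LEN}")
        elif not MAC_RE.fullmatch(value):
            findings.append("mac_pc_dba is not a well-formed MAC address")
    return findings


def build_request(body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST /setup.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples: one plausible value, one oversized value.
BENIGN = build_request("action=add_apcdb&mac_pc_dba=00:11:22:33:44:55")
OVERSIZED = build_request("action=add_apcdb&mac_pc_dba=" + "A" * 96)

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, inspect_request(req) or "no alert")
```

The same two conditions (length above the limit, or a value that is not a MAC address) translate directly into a NIDS or reverse-proxy rule for the /setup.cgi endpoint.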
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing the use of the affected Trendnet TEW-657BRM device, as it has been end-of-life since 2011 and no patches or support are available.
If replacement is not immediately possible, restrict network access to the device by limiting management interface exposure, such as blocking remote HTTP POST requests to /setup.cgi or isolating the device in a secure network segment.
Monitor network traffic for exploit attempts and consider deploying intrusion detection or prevention systems to detect and block malicious requests targeting this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
However, since the vulnerability allows remote exploitation via a stack-based buffer overflow, it could potentially lead to unauthorized access or disruption of the affected device, which might indirectly affect data security and privacy compliance if the device is used in environments subject to such regulations.
It is important to note that the affected product has been discontinued and unsupported since 2011, which may limit mitigation options and increase compliance risks if still in use.