CVE-2026-5350
Remote Stack-Based Buffer Overflow in Trendnet TEW-657BRM Setup.cgi
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-657brm_firmware | 1.00.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5350 is a stack-based buffer overflow vulnerability in the Trendnet TEW-657BRM router, version 1.00.1. It occurs in the update_pcdb function of the /setup.cgi file, where the mac_pc_dba parameter from user input is copied without proper bounds checking. This allows an attacker to send a specially crafted HTTP POST request with an excessively long mac_pc_dba value, causing a stack overflow.
Because the vulnerability can be exploited remotely, an attacker can trigger this overflow over the network without needing local access.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to serious security consequences such as remote code execution, denial of service, or system compromise on the affected device.
Since the vulnerability allows remote attackers to overflow the stack, it may enable them to execute arbitrary code or crash the device, disrupting network connectivity or gaining unauthorized control.
However, this vulnerability affects a discontinued product that has been end-of-life since 2011, and no official support or patches are available.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the /setup.cgi endpoint on the Trendnet TEW-657BRM router, specifically those containing the mac_pc_dba parameter with an unusually large payload.
A detection method involves inspecting network traffic for POST requests with a large Content-Length header targeting /setup.cgi and containing the mac_pc_dba parameter filled with repeated characters.
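Example command using tcpdump to capture such traffic. The filter matches single packets to TCP port 80 whose TCP payload is larger than 8000 bytes, so it only fires where the capture point sees segments that large (jumbo frames or receive-offload coalescing); on a standard 1500-byte MTU link a long request arrives as several smaller segments and needs a lower threshold or inspection of the reassembled request:
- `tcpdump -i <interface> -A 'tcp dst port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) > 8000)'`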
Alternatively, using tools like Wireshark or network intrusion detection systems (NIDS) to filter HTTP POST requests to /setup.cgi with large payloads containing mac_pc_dba can help identify exploitation attempts.
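The check described above can also be applied to reassembled HTTP requests (for example, requests exported from a proxy or a NIDS stream). The following is an added example, not code from the advisory or the vendor; the 64-byte threshold, the `other` field and the sample requests are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/setup.cgi"
TARGET_PARAM = "mac_pc_dba"
# Assumption: 64 bytes is a constructed ceiling for a legitimate value,
# not a figure from the advisory; tune it to what your clients send.
MAX_PARAM_LEN = 64


def inspect_request(raw: bytes):
    """Return a finding for an oversized mac_pc_dba POST to /setup.cgi, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    if urlsplit(parts[1]).path.lower() != TARGET_PATH:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # parse_qs percent-decodes, so the length measured is the decoded value
    # rather than the wire encoding; repeated parameters are all checked.
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for v in form.get(TARGET_PARAM, [])), default=0)
    if longest <= MAX_PARAM_LEN:
        return None
    return {"path": parts[1], "param_len": longest,
            "content_length": headers.get("content-length")}


def _post(body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST /setup.cgi HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples; "other=1" is a placeholder field, not a real setup.cgi parameter.
SAMPLES = {
    "normal": _post("mac_pc_dba=00%3A11%3A22%3A33%3A44%3A55&other=1"),
    "oversized": _post("mac_pc_dba=" + "A" * 9000 + "&other=1"),
    "encoded": _post("mac_pc_dba=" + "%41" * 100),
    "get": b"GET /setup.cgi?mac_pc_dba=1 HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

Because the parameter length is measured after percent-decoding, a request that stays under a raw byte threshold through encoding tricks is still evaluated on the value the server would receive.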
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling remote access to the affected Trendnet TEW-657BRM router's management interface to prevent exploitation via remote HTTP POST requests.
Since the product is discontinued and no longer supported, applying vendor patches is not possible.
Consider replacing the affected device with a supported and updated router model to eliminate the vulnerability.
Additionally, monitoring network traffic for suspicious POST requests to /setup.cgi and blocking such traffic via firewall rules can reduce risk.