Description
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote code execution via stack-based buffer overflow
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the add_apcdb function of the /setup.cgi script on the Trendnet TEW‑657BRM firmware 1.00.1. A malformed mac_pc_dba argument overflowing a stack buffer can be triggered from a remote attacker. The high CVSS score of 8.7 reflects the potential for arbitrary code execution with the privileges granted to the web‑server process. Publicly documented exploits confirm that this weakness can already be abused, making it a tangible threat to any device still connected to a network.

Affected Systems

Only Trendnet TEW‑657BRM 1.00.1 devices are affected. The product has been discontinued and is not supported by the vendor, so no official patch or update is available. The flaw is confined to the specific firmware package distributed for this router model.

Risk and Exploitability

The flaw scores high on the CVSS scorecard but has no EPSS rating; it is not listed in the CISA KEV catalog. The remote exploitation path requires network access to the device’s web interface, a condition that is often satisfied in typical residential or small‑office deployments. Because the device is obsolete, the likelihood of exploitation depends largely on whether it remains connected to an internet‑exposed network and whether any mitigations (disabling remote access) are applied.

Generated by OpenCVE AI on April 2, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Remove or isolate the Trendnet TEW‑657BRM device from all network traffic
  • Replace the device with a supported model that receives regular security updates
  • If removal is not possible, disable all remote management interfaces on the router
  • Monitor network logs for suspicious activity targeting the device’s web interface
  • Apply any community‑provided patches or firmware fixes if they exist

Generated by OpenCVE AI on April 2, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi add_apcdb stack-based overflow
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trendnet Tew-657brm Tew-657brm Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T18:51:16.407Z

Reserved: 2026-04-01T16:47:01.073Z

Link: CVE-2026-5349

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-02T16:16:27.597

Modified: 2026-04-02T16:16:27.597

Link: CVE-2026-5349

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:20:10Z

Weaknesses