Description
A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Replace Device
AI Analysis

Impact

A stack-based buffer overflow exists in the add_apcdb function of /setup.cgi when the mac_pc_dba parameter is manipulated. This flaw can corrupt the call stack, and although the description does not explicitly confirm arbitrary code execution, the overflow is a well-known vector for executing attacker-supplied code, so it is inferred that remote code execution is possible.

Affected Systems

The affected product is the Trendnet TEW‑657BRM wireless router running firmware version 1.00.1. This model has been discontinued and has been end‑of‑life since 2011, so no security updates are supplied.

Risk and Exploitability

The flaw can be triggered remotely and public exploits exist, giving the threat actor a ready-to-use attack path. The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests low likelihood of current exploitation. The vendor’s product is no longer supported, and the vulnerability is not listed in the CISA KEV catalog, yet the combination of a high-impact remote trigger and the absence of a vendor fix makes it a significant risk.

Generated by OpenCVE AI on April 7, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the Trendnet TEW‑657BRM with a supported device or firmware that is actively maintained.
  • Block external access to the /setup.cgi endpoint or isolate the device on a separate VLAN to prevent remote exploitation.
  • If replacement is infeasible, disable or remove the add_apcdb functionality through configuration or firmware modifications if available.
  • Continuously monitor router logs and network traffic for attempts to exploit the mac_pc_dba argument handled by add_apcdb in /setup.cgi.
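
One way to implement the monitoring action above, as an added example that is not part of the OpenCVE page or any vendor tooling: it flags requests to /setup.cgi whose mac_pc_dba value is abnormally long or contains non-printable bytes. Assumptions: requests are available as (source IP, request target, body) tuples from an upstream proxy or sensor, the parameter may arrive in the query string or a URL-encoded body, and the 64-character ceiling is a placeholder to tune against what the legitimate admin UI sends.

```python
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/setup.cgi"   # endpoint named in the advisory
PARAM = "mac_pc_dba"      # argument named in the advisory
MAX_LEN = 64              # assumed ceiling, not a documented limit

def suspicious_values(target, body=""):
    """Return the mac_pc_dba values in one request that look abnormal."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    # Assumption: the parameter can be sent in the query or a form body.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    hits = []
    for name, value in pairs:
        if name != PARAM:
            continue
        too_long = len(value) > MAX_LEN
        odd_bytes = any(not (32 <= ord(c) < 127) for c in value)
        if too_long or odd_bytes:
            hits.append(value)
    return hits

def scan(records):
    """records: iterable of (source_ip, request_target, body) tuples."""
    alerts = []
    for src, target, body in records:
        for value in suspicious_values(target, body):
            # Log the length, not the value, to keep alerts small and safe.
            alerts.append({"src": src, "length": len(value)})
    return alerts

# Constructed sample traffic (not captured from a real device).
SAMPLE = [
    ("192.0.2.10", "/setup.cgi", "mac_pc_dba=00:11:22:33:44:55"),
    ("192.0.2.66", "/setup.cgi", "mac_pc_dba=" + "A" * 600),
    ("192.0.2.66", "/index.htm?mac_pc_dba=" + "A" * 600, ""),
    ("192.0.2.77", "/setup.cgi?mac_pc_dba=%00%01abc", ""),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Any request to /setup.cgi arriving from outside the management network is worth alerting on by itself, regardless of parameter length.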


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:trendnet:tew-657brm:-:*:*:*:*:*:*:*
cpe:2.3:o:trendnet:tew-657brm_firmware:1.00.1:*:*:*:*:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi add_apcdb stack-based overflow
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T18:51:16.407Z

Reserved: 2026-04-01T16:47:01.073Z

Link: CVE-2026-5349

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-02T16:16:27.597

Modified: 2026-04-07T14:15:16.770

Link: CVE-2026-5349

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:55:38Z

Weaknesses