Description
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: Remote code execution via stack buffer overflow
Action: Replace Device
AI Analysis

Impact

The vulnerability lies in the update_pcdb function within /setup.cgi, where an attacker can supply a crafted mac_pc_dba parameter that overflows a stack buffer. This stack-based buffer overflow can allow the execution of arbitrary code on the device, compromising confidentiality, integrity, and availability of the affected router.

Affected Systems

The flaw affects Trendnet TEW‑657BRM routers running firmware version 1.00.1. This model was discontinued and declared end‑of‑life in June 2011, and the vendor no longer provides security support or firmware updates for it.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. A public exploit has already been released, and the vulnerability can be triggered remotely. No EPSS data is available and the issue is not listed in CISA's KEV catalog. Because the device is out of support and a remote attacker can gain full control, the risk remains significant and immediate attention is required.

Generated by OpenCVE AI on April 2, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Confirm whether any Trendnet TEW‑657BRM routers running firmware 1.00.1 are present in the environment.
  • If the device is still in use, block or restrict access to /setup.cgi by firewall rules or network segmentation.
  • Disable remote management features on the router if they are not required.
  • Replace the device with a supported model that receives regular security updates.
  • Continuously monitor network traffic for anomalous activity originating from the device.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Values Removed: none
Values Added:
  First Time appeared: Trendnet tew-657brm
  Vendors & Products: Trendnet tew-657brm

Thu, 02 Apr 2026 15:45:00 +0000

Values Removed: none
Values Added:
  Description: A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
  Title: Trendnet TEW-657BRM setup.cgi update_pcdb stack-based overflow
  First Time appeared: Trendnet, Trendnet tew-657brm Firmware
  Weaknesses: CWE-119, CWE-121
  CPEs: cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
  Vendors & Products: Trendnet, Trendnet tew-657brm Firmware
  References:
  Metrics:
    cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
    cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
    cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
    cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T16:20:02.920Z

Reserved: 2026-04-01T16:47:05.558Z

Link: CVE-2026-5350

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-02T16:16:27.863

Modified: 2026-04-02T16:16:27.863

Link: CVE-2026-5350

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:09Z

Weaknesses