Description
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-04-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Disable Remote Access
AI Analysis

Impact

A stack-based buffer overflow exists in the update_pcdb function of the setup.cgi script on Trendnet TEW-657BRM routers. By sending a specially crafted mac_pc_dba argument, an attacker can overflow a stack buffer and potentially execute arbitrary code on the device. The vulnerability is exploitable remotely; the exploit has been publicly released, so anyone with network access to the device may target it.

Affected Systems

The flaw affects only Trendnet TEW-657BRM routers running firmware version 1.00.1. These units were discontinued and have been out of support since June 23 2011, meaning the vendor no longer provides updates or confirmation of the issue.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity level, while the EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable endpoint over the network, though the lack of vendor support limits official mitigations and increases the importance of network isolation or device replacement.

Generated by OpenCVE AI on April 7, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable remote web management of the Trendnet TEW-657BRM.
  • Block external network access to the device by placing it in a separate VLAN or applying firewall rules.
  • Replace the discontinued router with a supported, VPN‑enabled model.
  • Monitor network logs for suspicious activity targeting the router.

Generated by OpenCVE AI on April 7, 2026 at 23:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:trendnet:tew-657brm:-:*:*:*:*:*:*:*
cpe:2.3:o:trendnet:tew-657brm_firmware:1.00.1:*:*:*:*:*:*:*

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Trendnet tew-657brm
Vendors & Products Trendnet tew-657brm

Thu, 02 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Title Trendnet TEW-657BRM setup.cgi update_pcdb stack-based overflow
First Time appeared Trendnet
Trendnet tew-657brm Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-657brm Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trendnet Tew-657brm Tew-657brm Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T16:20:02.920Z

Reserved: 2026-04-01T16:47:05.558Z

Link: CVE-2026-5350

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T16:16:27.863

Modified: 2026-04-07T16:38:30.010

Link: CVE-2026-5350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:55:37Z

Weaknesses