CVE-2026-5349: Stack-based Buffer Overflow in Trendnet TEW-657BRM
CVE-2026-5349 is a high-severity stack-based buffer overflow vulnerability in the Trendnet TEW-657BRM router version 1. 00. 1. The flaw exists in the add_apcdb function within the /setup. cgi file, where manipulation of the mac_pc_dba argument can trigger the overflow. This vulnerability can be exploited remotely without user interaction and has a publicly available exploit. However, the affected product has been discontinued and reached end-of-life in June 2011, with no vendor support or patches available. The vendor has stated they cannot confirm or fix the vulnerability but will notify registered customers via their website. No known exploits are currently observed in the wild.
AI Analysis
Technical Summary
The Trendnet TEW-657BRM version 1.00.1 contains a stack-based buffer overflow vulnerability in the add_apcdb function of /setup.cgi. Remote attackers can exploit this by manipulating the mac_pc_dba argument, potentially leading to code execution or denial of service. The vulnerability has a CVSS 4.0 score of 8.7 (high severity) indicating network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The product is discontinued and unsupported since 2011, and no official patch or fix is available from the vendor.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on the affected device. Given the high CVSS score, the impact on confidentiality, integrity, and availability is significant. However, the affected product is discontinued and no longer supported, limiting the practical impact to environments still using this legacy hardware.
Mitigation Recommendations
No official patch or fix is available because the product has been discontinued and is no longer supported by the vendor. Users should consider replacing the affected device with a supported model to mitigate risk. The vendor will notify registered customers via their website but cannot provide a remediation. Patch status is not confirmed; check the vendor's product support page for any updates.
CVE-2026-5349: Stack-based Buffer Overflow in Trendnet TEW-657BRM
Description
CVE-2026-5349 is a high-severity stack-based buffer overflow vulnerability in the Trendnet TEW-657BRM router version 1. 00. 1. The flaw exists in the add_apcdb function within the /setup. cgi file, where manipulation of the mac_pc_dba argument can trigger the overflow. This vulnerability can be exploited remotely without user interaction and has a publicly available exploit. However, the affected product has been discontinued and reached end-of-life in June 2011, with no vendor support or patches available. The vendor has stated they cannot confirm or fix the vulnerability but will notify registered customers via their website. No known exploits are currently observed in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Trendnet TEW-657BRM version 1.00.1 contains a stack-based buffer overflow vulnerability in the add_apcdb function of /setup.cgi. Remote attackers can exploit this by manipulating the mac_pc_dba argument, potentially leading to code execution or denial of service. The vulnerability has a CVSS 4.0 score of 8.7 (high severity) indicating network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The product is discontinued and unsupported since 2011, and no official patch or fix is available from the vendor.
Potential Impact
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on the affected device. Given the high CVSS score, the impact on confidentiality, integrity, and availability is significant. However, the affected product is discontinued and no longer supported, limiting the practical impact to environments still using this legacy hardware.
Mitigation Recommendations
No official patch or fix is available because the product has been discontinued and is no longer supported by the vendor. Users should consider replacing the affected device with a supported model to mitigate risk. The vendor will notify registered customers via their website but cannot provide a remediation. Patch status is not confirmed; check the vendor's product support page for any updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-01T16:47:01.073Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69ce8d6ee6bfc5ba1de64e2b
Added to database: 4/2/2026, 3:38:22 PM
Last enriched: 4/9/2026, 10:56:01 PM
Last updated: 5/20/2026, 8:49:58 PM
Views: 71
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.