CVE-2026-5349 identifies a critical stack-based buffer overflow vulnerability in the Trendnet TEW-657BRM router, specifically in firmware version 1.00.1. The vulnerability resides in the add_apcdb function of the /setup.cgi endpoint, where improper handling of the mac_pc_dba parameter allows an attacker to overflow the stack buffer. This overflow can be exploited remotely without requiring authentication or user interaction, enabling potential arbitrary code execution with elevated privileges on the device. The exploit leverages the lack of bounds checking on the input parameter, which overwrites the stack memory, potentially leading to control flow hijacking. Despite the availability of a public exploit, the affected router model has been discontinued and unsupported since June 2011, meaning no official patches or fixes are provided by Trendnet. The CVSS 4.0 score of 8.7 reflects the vulnerability's high impact on confidentiality, integrity, and availability, combined with its low attack complexity and no requirement for privileges or user interaction. The vulnerability's presence in an outdated device limits its widespread impact but poses a significant risk to legacy systems still in operation, especially in environments where such devices are connected to critical networks without proper segmentation or replacement plans.

The exploitation of CVE-2026-5349 can lead to complete compromise of the affected Trendnet TEW-657BRM router, allowing attackers to execute arbitrary code remotely with elevated privileges. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, and potential pivoting to other connected systems. The confidentiality, integrity, and availability of network communications passing through the device are at high risk. Organizations relying on this legacy hardware may face network outages, data breaches, or persistent backdoors. Given the product's discontinued status and lack of vendor support, affected devices cannot be patched, increasing the likelihood of exploitation if these devices remain connected to the internet or untrusted networks. The impact is particularly severe in industrial, small business, or home environments where device replacement cycles are longer and security controls may be weaker.

Since no official patches are available due to the product's end-of-life status, organizations should prioritize immediate replacement of the Trendnet TEW-657BRM routers with supported, updated hardware. Until replacement, affected devices should be isolated from untrusted networks, especially the internet, by implementing strict network segmentation and firewall rules to block access to the /setup.cgi endpoint. Monitoring network traffic for unusual requests targeting the mac_pc_dba parameter can help detect exploitation attempts. Disabling remote management features or restricting management access to trusted IP addresses can reduce exposure. Additionally, organizations should conduct thorough inventories to identify any remaining devices of this model and remove or replace them promptly. Employing network intrusion detection systems (NIDS) with signatures for known exploits targeting this vulnerability can provide early warning. Finally, educating network administrators about the risks of using unsupported legacy hardware is critical to prevent similar risks in the future.