Cyber Posture

CVE-2026-5349

High · Public PoC

Published: 02 April 2026

Modified: 07 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. Manipulation of the argument mac_pc_dba leads to a stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Prohibits the use of end-of-life and unsupported system components like the discontinued Trendnet TEW-657BRM router, eliminating exposure to unpatchable vulnerabilities such as this buffer overflow.

prevent

Requires identification, reporting, and remediation of known flaws like CVE-2026-5349 through patching, mitigation, or removal, critical for unsupported products lacking vendor fixes.

prevent

Mandates validation of inputs such as the mac_pc_dba argument to prevent stack-based buffer overflows triggered by malformed data in the /setup.cgi function.

Security Summary · AI

CVE-2026-5349 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) in the add_apcdb function within the /setup.cgi file of Trendnet TEW-657BRM version 1.00.1. The issue arises from manipulation of the mac_pc_dba argument, allowing remote attackers to trigger the overflow. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity: it is reachable over the network, has low attack complexity, and requires only low privileges.

Attackers with low-privileged remote access, such as authenticated users to the device's web interface, can exploit this vulnerability without user interaction. Successful exploitation enables high-impact compromise, including arbitrary code execution, data theft, modification of device configurations, or denial of service, potentially leading to full control over the affected router.

Vendor advisories confirm the product has been discontinued and end-of-life since June 23, 2011—over 14 years ago—with no ongoing support or patches available. The vendor cannot verify the vulnerability but plans to announce it on their product support page and notify registered customers. No mitigations or updates are provided, as the product is unsupported.

A proof-of-concept exploit is publicly available, increasing the risk of targeted attacks against remaining deployments of this legacy device. Security practitioners should prioritize inventory checks for TEW-657BRM routers and recommend immediate decommissioning or network isolation.

Details

CWE(s): CWE-119, CWE-121

Affected Products

trendnet · tew-657brm firmware · 1.00.1

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The stack-based buffer overflow in the web CGI (/setup.cgi) allows remote authenticated attackers to achieve arbitrary code execution on the router, directly mapping to T1190 for exploiting a public-facing application and T1059.004 for subsequent Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
