CVE-2026-5350
Published: 02 April 2026
Description
A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in a stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- Directly prohibits the use of unsupported system components, such as this EOL router for which no patches are available.
- Requires identification and remediation of flaws, which here means removing or replacing unpatchable EOL systems exposed to this buffer overflow.
- Vulnerability scanning detects deployments of the EOL router firmware affected by the stack-based buffer overflow.
Security Summary [AI-generated]
CVE-2026-5350 is a stack-based buffer overflow vulnerability (CWE-119, CWE-121) affecting the Trendnet TEW-657BRM router on firmware version 1.00.1. The flaw resides in the update_pcdb function within the /setup.cgi file, where manipulation of the mac_pc_dba argument triggers the overflow.
The vulnerability enables remote exploitation by an attacker possessing low privileges, such as an authenticated user, with low attack complexity and no requirement for user interaction. Successful exploitation grants high confidentiality, integrity, and availability impacts (CVSS v3.1 base score of 8.8: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), potentially allowing arbitrary code execution. A public exploit has been released and may be used for attacks.
Vendor advisories indicate no patches or support are available, as the TEW-657BRM reached end-of-life on June 23, 2011, over 14 years ago. The vendor cannot confirm the vulnerabilities due to lack of support but plans to announce details on their website's product support page and notify registered customers. The issue affects only discontinued, unsupported products.
Notable context includes the public availability of an exploit, increasing risk for any remaining deployments of this obsolete router.
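The advisory names the weakness (CWE-121, a stack-based buffer overflow reached through a CGI form argument) but not the code. The following C program is an added, hypothetical illustration of that weakness class and is not the TEW-657BRM firmware: the function names update_pcdb_unbounded and update_pcdb_bounded, the helper is_valid_mac, the buffer size MAC_BUF_LEN and the sample inputs are all constructed here. It shows the defect pattern (an unbounded copy of a request parameter into a fixed stack buffer) next to a hardened handler that validates the MAC address format and length before any copy, which is the kind of input check that closes this bug class.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical reconstruction of the CWE-121 pattern described in the advisory:
 * a CGI handler copies the mac_pc_dba form value into a fixed-size stack buffer
 * without checking its length. This is NOT the TEW-657BRM firmware code. */
#define MAC_BUF_LEN 18  /* "aa:bb:cc:dd:ee:ff" plus the terminating NUL */

/* Defect pattern: unbounded copy of request-controlled input into a stack buffer.
 * Kept only for comparison; it is intentionally never called with real input. */
static void update_pcdb_unbounded(const char *mac_pc_dba)
{
    char mac[MAC_BUF_LEN];
    strcpy(mac, mac_pc_dba);   /* overflows once strlen(mac_pc_dba) >= MAC_BUF_LEN */
    printf("stored %s\n", mac);
}

/* Returns 1 if s is exactly a colon-separated MAC of the form xx:xx:xx:xx:xx:xx, else 0. */
int is_valid_mac(const char *s)
{
    size_t len = strlen(s);
    if (len != 17) return 0;
    for (size_t i = 0; i < 17; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':') return 0;               /* separator positions */
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;                                /* hex digit positions */
        }
    }
    return 1;
}

/* Hardened handler: validate the format (which bounds the length) before copying,
 * and never write more than the destination holds.
 * Returns 0 on success, -1 if the input is rejected or the buffer is too small. */
int update_pcdb_bounded(const char *mac_pc_dba, char *out, size_t outlen)
{
    if (outlen < MAC_BUF_LEN) return -1;
    if (!is_valid_mac(mac_pc_dba)) return -1;        /* rejects oversized or malformed input */
    snprintf(out, outlen, "%s", mac_pc_dba);         /* bounded and NUL-terminated */
    return 0;
}

int main(void)
{
    char stored[MAC_BUF_LEN];
    /* constructed sample inputs: one well-formed MAC, one oversized value */
    const char *good = "00:11:22:33:44:55";
    const char *oversized = "00:11:22:33:44:55AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("valid input accepted (0 = ok): %d\n",
           update_pcdb_bounded(good, stored, sizeof stored));
    printf("oversized input rejected (-1 = rejected): %d\n",
           update_pcdb_bounded(oversized, stored, sizeof stored));
    (void)update_pcdb_unbounded;   /* defect pattern shown above, deliberately not invoked */
    return 0;
}
```

The hardened version relies on two independent checks: the format check bounds the length to exactly 17 characters, and the destination size is verified separately so that a caller passing a smaller buffer is refused rather than truncated silently. On a device that can no longer receive firmware updates, as the advisory states for this router, such a fix cannot be applied, which is why the controls above reduce to removing or isolating the device.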
Details
- CWE(s): CWE-119, CWE-121
- Affected Products: Trendnet TEW-657BRM 1.00.1
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The stack-based buffer overflow in the router's public web CGI interface (/setup.cgi) enables remote authenticated attackers to achieve arbitrary code execution on an internet-facing application.