Vulnerabilities ›

CVE-2026-5349

High ⚡ Exploit Available

CWE-119 — Weakness Type

                    Published: Apr 2, 2026                      ·  Modified: Apr 9, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

CVE-2026-5349 is a stack-based buffer overflow vulnerability in the discontinued Trendnet TEW-657BRM router (firmware 1.00.1) affecting the /setup.cgi add_apcdb function. With a CVSS score of 8.8 and publicly available exploits, this poses significant risk to organizations still operating legacy network equipment. No vendor patches are available as the product reached end-of-life in 2011, requiring immediate device replacement or network isolation strategies.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 23, 2026 16:05

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi organizations operating legacy network infrastructure, particularly in government agencies, educational institutions, and smaller enterprises that may still use discontinued Trendnet equipment. Banking and financial sectors (SAMA-regulated) face elevated risk if these routers are deployed in non-critical network segments. Telecommunications providers (STC, Mobily) and energy sector organizations may have legacy equipment in remote or secondary locations. The public exploit availability significantly increases attack surface for organizations with poor asset inventory management.

🏢 Affected Saudi Sectors

Government and Public Administration Education and Research Small and Medium Enterprises Healthcare (secondary networks) Telecommunications Energy and Utilities

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1133 - External Remote Services T1021 - Remote Services T1059 - Command and Scripting Interpreter T1548 - Abuse Elevation Control Mechanism

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Conduct comprehensive network asset inventory to identify all Trendnet TEW-657BRM devices in production

2. Isolate affected devices from critical network segments and internet-facing connections

3. Implement network segmentation to restrict access to /setup.cgi endpoints

4. Monitor for suspicious HTTP requests to /setup.cgi with mac_pc_dba parameters



Patching Guidance:

- No vendor patches available; device replacement is mandatory

- Procure replacement routers from current vendors with active security support

- Plan phased replacement strategy prioritizing internet-facing and critical infrastructure devices



Compensating Controls:

- Deploy WAF rules to block requests containing buffer overflow payloads targeting /setup.cgi

- Implement strict access controls limiting setup.cgi access to authorized administrative IPs only

- Disable remote management features if not essential

- Apply network-level filtering to block suspicious traffic patterns



Detection Rules:

- Monitor for HTTP POST requests to /setup.cgi with unusually long mac_pc_dba parameter values (>256 bytes)

- Alert on any access attempts to /setup.cgi from non-administrative IP ranges

- Track failed authentication attempts to device management interfaces

- Implement IDS signatures for stack overflow exploitation patterns

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. إجراء جرد شامل لأصول الشبكة لتحديد جميع أجهزة Trendnet TEW-657BRM قيد الإنتاج

2. عزل الأجهزة المتأثرة عن القطاعات الحرجة في الشبكة والاتصالات المواجهة للإنترنت

3. تنفيذ تقسيم الشبكة لتقييد الوصول إلى نقاط نهاية /setup.cgi

4. مراقبة طلبات HTTP المريبة إلى /setup.cgi مع معاملات mac_pc_dba



إرشادات التصحيح:

- لا توجد تصحيحات من البائع؛ استبدال الجهاز إلزامي

- الحصول على أجهزة توجيه بديلة من البائعين الحاليين مع دعم أمان نشط

- التخطيط لاستراتيجية استبدال مرحلية تعطي الأولوية للأجهزة المواجهة للإنترنت والبنية التحتية الحرجة



الضوابط التعويضية:

- نشر قواعد WAF لحظر الطلبات التي تحتوي على حمولات تجاوز سعة المخزن المؤقت التي تستهدف /setup.cgi

- تنفيذ ضوابط وصول صارمة تقيد وصول setup.cgi بعناوين IP إدارية مصرح بها فقط

- تعطيل ميزات الإدارة البعيدة إذا لم تكن ضرورية

- تطبيق تصفية على مستوى الشبكة لحظر أنماط حركة المرور المريبة



قواعد الكشف:

- مراقبة طلبات HTTP POST إلى /setup.cgi مع قيم معاملات mac_pc_dba طويلة بشكل غير عادي (>256 بايت)

- تنبيه على أي محاولات وصول إلى /setup.cgi من نطاقات IP غير إدارية

- تتبع محاولات المصادقة الفاشلة لواجهات إدارة الأجهزة

- تنفيذ توقيعات IDS لأنماط استغلال تجاوز سعة المخزن المؤقت

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.8.1.1 - Asset management and inventory control A.8.2.1 - Secure configuration management A.8.3.1 - Vulnerability and patch management A.13.1.1 - Network security controls

🔵 SAMA CSF

ID.AM-1 - Asset Management ID.RA-1 - Risk Assessment PR.DS-6 - Data Security Configuration PR.IP-12 - Security Patch Management DE.CM-8 - Vulnerability Scanning

🟡 ISO 27001:2022

A.5.1 - Management direction for information security A.8.1 - Asset management A.8.2 - Information classification and handling A.12.6 - Management of technical vulnerabilities A.13.1 - Network security perimeter

🟣 PCI DSS v4.0.1

Requirement 1.1 - Firewall configuration standards Requirement 6.2 - Security patches and updates Requirement 11.2 - Vulnerability scanning

🔗 References & Sources 4

🔗

https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/add_apcdb.md

cna@vuldb.com

Exploit Third Party Advisory

🔗

https://vuldb.com/submit/781563

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/354702

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/vuln/354702/cti

cna@vuldb.com

Permissions Required VDB Entry

📦 Affected Products / CPE 1 entries

trendnet:tew-657brm_firmware:1.00.1

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.04%

Exploit ✓ Yes

Patch ✗ No

Published 2026-04-02

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-5349

💬 Comments

Introduce Yourself

Sign In Required