Trendnet TEW-657BRM Stack-Based Buffer Overflow Vulnerability in add_apcdb Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Trendnet TEW-657BRM router, specifically in version 1.00.1. The issue arises in the add_apcdb function within the setup.cgi file, where the mac_pc_dba parameter is processed without proper validation, allowing for remote exploitation. This vulnerability is particularly concerning as the product has been discontinued and unsupported since 2011, leaving users without any official recourse.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, which can commonly result in arbitrary code execution or cause the device to crash.

Reproduction

The vulnerability can be reproduced by sending a crafted POST request to the /setup.cgi endpoint. The request must include an excessively long mac_pc_dba parameter, which will overflow the stack and potentially allow for code execution.
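Because the device is unsupported, filtering or alerting in front of it is the practical control. The following added example (not from the original advisory or from the vendor) inspects raw HTTP requests and flags a mac_pc_dba value sent to /setup.cgi that is longer than a MAC address. It assumes the parameter normally carries a MAC address of at most 17 characters; the function name, the limit and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/setup.cgi"   # endpoint named in the advisory
PARAM = "mac_pc_dba"         # parameter named in the advisory
MAX_LEN = 17                 # assumption: "aa:bb:cc:dd:ee:ff" is the longest valid form
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-]?[0-9A-Fa-f]{2}){5}")

def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    method, url = parts[0].upper(), urlsplit(parts[1])
    if method != "POST" or url.path != TARGET_PATH:
        return []
    # Check the form body and the query string, in case the CGI reads either
    # (assumption; the advisory only mentions a POST request).
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    findings = []
    for value in fields.get(PARAM, []):
        if len(value) > MAX_LEN:
            findings.append(f"{PARAM} length {len(value)} exceeds {MAX_LEN}")
        elif not MAC_RE.fullmatch(value):
            findings.append(f"{PARAM} is not a MAC address")
    return findings

def build(body: str, path: str = TARGET_PATH) -> bytes:
    """Construct a sample request (test data only, not captured traffic)."""
    return (f"POST {path} HTTP/1.1\r\nHost: router.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed samples: a plausible value, an oversized one, an unrelated path.
SAMPLES = {
    "normal": build("mac_pc_dba=00%3A11%3A22%3A33%3A44%3A55"),
    "oversized": build("mac_pc_dba=" + "A" * 600),
    "other_path": build("mac_pc_dba=" + "A" * 600, "/other.cgi"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw) or "clean")
```

The same length and format check can be enforced as a deny rule on a reverse proxy or firewall placed in front of the router's management interface.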

Added: Apr 2, 2026, 6:10 PM
Updated: Apr 2, 2026, 6:10 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.