Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Analysis (AI)
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged, network-based attacker to execute arbitrary OS commands on the device by manipulating the peerPin argument submitted to the formWPS CGI handler at /goform/formWPS. A public proof-of-concept exploit is available on GitHub, confirmed by the E:P modifier in the CVSS 4.0 vector. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires authenticated access to the router's web administration interface - the CVSS 4.0 vector PR:L confirms low-privilege credentials are sufficient; administrator-level access is not required. … |
| Risk Assessment | The CVSS 4.0 base score of 2.1 is unusually low for a network-reachable command injection, and the reason is traceable: the vector requires PR:L (low-privilege authentication), and impact is capped at VC:L/VI:L/VA:L with no subsequent system scope (SC:N/SI:N/SA:N). … |
| Exploit Scenario | An attacker who has obtained or guessed low-privilege credentials to the TEW-432BRP's web administration interface sends a crafted HTTP POST request to /goform/formWPS with a peerPin value containing shell metacharacters (e.g., semicolons or backticks followed by arbitrary commands). The router's CGI handler passes the unsanitized value directly to a system shell, executing the injected command with the web server's process privileges. … |
| Remediation | No vendor-released patch exists and none will be issued - TRENDnet explicitly stated the product has been EOL since 2009. … |
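Because no patch will be issued, detection has to happen in front of the device. The following added example (not from the advisory or the vendor) flags requests to /goform/formWPS whose peerPin is anything other than a plain numeric PIN. It assumes a legitimate value is a 4- or 8-digit WPS PIN and that raw requests are available from a proxy or packet capture; the sample requests and the `submit` field are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/formWPS"  # handler named in the advisory
PARAM = "peerPin"                # argument named in the advisory
# Assumption: a legitimate value is a 4- or 8-digit numeric WPS PIN.
VALID_PIN = re.compile(r"[0-9]{4}([0-9]{4})?")

def suspicious_peer_pins(raw_request: str) -> list[str]:
    """Return each decoded peerPin value that is not a plain numeric PIN."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0].split()
    if len(request_line) < 2:
        return []  # not a parseable HTTP request line
    target = urlsplit(request_line[1])
    if target.path.rstrip("/").lower() != TARGET_PATH.lower():
        return []  # some other handler; out of scope for this check
    values = []
    # The parameter can arrive in the query string or the form body.
    for encoded in (target.query, body.strip()):
        values += parse_qs(encoded).get(PARAM, [])
    # Allowlist check: anything that is not strictly digits is reported,
    # which covers every shell metacharacter without enumerating them.
    return [v for v in values if not VALID_PIN.fullmatch(v)]

# Constructed sample requests (192.0.2.1 is a documentation address).
_HDR = ("Host: 192.0.2.1\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
SAMPLES = {
    "benign": "POST /goform/formWPS HTTP/1.1\r\n" + _HDR
              + "peerPin=12345670&submit=Apply",
    "metachar": "POST /goform/formWPS HTTP/1.1\r\n" + _HDR
                + "peerPin=12345670%3BCMD_PLACEHOLDER&submit=Apply",
    "other_path": "POST /goform/formLogin HTTP/1.1\r\n" + _HDR
                  + "peerPin=12345670%3BCMD_PLACEHOLDER",
}

def scan(samples: dict[str, str]) -> dict[str, list[str]]:
    """Map each sample name to the suspicious peerPin values it contains."""
    return {name: suspicious_peer_pins(req) for name, req in samples.items()}

if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name}: {'ALERT ' + repr(hits) if hits else 'ok'}")
```

The check matches on the decoded value, so percent-encoded metacharacters are caught the same way as literal ones.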
EUVD-2026-33316
GHSA-x5x3-v9hr-2jhp