Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Analysis (AI)
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires network reachability to the device's HTTP administration interface (LAN by default, or WAN where the legacy remote-management feature is enabled) and a valid authenticated session to the web UI per CVSS PR:L - in practice this is a weak barrier on TEW-432BRP units because factory default admin/admin credentials are commonly retained. … |
| Risk Assessment | The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4 and indicates network-reachable, low-complexity exploitation requiring low privileges (an authenticated session to the router web UI) with high impact on confidentiality, integrity, and availability of the device itself; the subsequent-system metrics are all None (SC:N/SI:N/SA:N), which limits the blast radius to the router. … |
| Exploit Scenario | An attacker who has obtained or guessed router admin credentials - trivially common on this EOL device since factory defaults like admin/admin were rarely changed - reaches the web UI either over the LAN or, where remote management is enabled, across the internet, and POSTs an over-long keyword_list or keyword value to /goform/formSetUrlFilter. The oversized parameter overflows a stack buffer in the embedded web daemon running as root, and using the published PoC technique the attacker overwrites the return address to gain code execution on the router, enabling persistent DNS hijacking, traffic interception, or use of the device as a residential proxy. |
| Remediation | No vendor-released patch identified at time of analysis - TRENDnet has formally declined to fix the issue due to the product's 2009 end-of-life status, so the only durable remediation is to decommission the TEW-432BRP and replace it with a currently supported router. … |
Recommended Action (AI)
Within 24 hours: Scan network for all TRENDnet TEW-432BRP 3.10B20 devices and map internet exposure. …
EUVD-2026-33463
GHSA-rpcp-pxcr-gpx8