Skip to main content

TRENDnet TEW-432BRP CVE-2026-10158

| EUVD-2026-33477 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-cmfx-vxp8-w2v6
Buffer Overflow Stack Overflow Tew 432Brp
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 02:29 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 02:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 02:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 02:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 01:41 vuln.today

DescriptionCVE.org

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw. The manipulation of the argument server_name results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed TEW-432BRP admin interface
Delivery
Obtain admin credentials (default/reuse/phish)
Exploit
Authenticate to web UI
Install
POST oversized server_name to /goform/formPortFw
C2
Overflow stack buffer in formPortFw
Execute
Hijack return address to shellcode
Impact
Pivot or intercept LAN traffic from router
Sign in to reveal

Vulnerability AssessmentAI

Exploitation The attacker must be able to reach the router's HTTP administration interface (typically TCP/80 on the LAN, and on the WAN only if remote management is enabled) and must possess valid administrative credentials, as indicated by PR:L in the CVSS 4.0 vector; the vulnerable code path is the formPortFw handler at /goform/formPortFw, so the device's port-forwarding configuration page must be reachable and the server_name parameter accepted by that handler. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 scores this 7.4 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H - network reachable, low complexity, but requiring low privileges (PR:L), indicating an authenticated session is needed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained admin credentials to a TEW-432BRP - for example via default credentials, credential reuse, phishing the owner, or pivoting from a compromised LAN host - submits a POST request to /goform/formPortFw with an overlong server_name value, overflowing the stack buffer in formPortFw and overwriting the saved return address to redirect execution to embedded shellcode or a ROP chain. With a working public PoC already published on GitHub, weaponization is trivial, yielding code execution in the context of the router's web daemon and enabling DNS hijacking, traffic interception, or use of the device as a foothold inside the victim network.
Remediation No vendor-released patch identified at time of analysis - TRENDnet has publicly declined to fix the issue because the device has been EOL since 2009, so the only durable remediation is to decommission and replace the TEW-432BRP with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Inventory all TRENDnet TEW-432BRP 3.10B20 routers in production. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10158 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy