Skip to main content

TRENDnet TEW-432BRP CVE-2026-10159

| EUVD-2026-33478 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-93f4-pc5c-hr94
Buffer Overflow Stack Overflow Tew 432Brp
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 02:28 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 02:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 02:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 02:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 01:41 vuln.today

DescriptionCVE.org

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument current_page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed TEW-432BRP web UI
Delivery
Obtain admin credentials (default/brute-force)
Exploit
Send POST to /goform/formSysLog with oversized current_page
Install
Overflow stack buffer in formSysLog
C2
Redirect execution to shellcode/ROP
Execute
Gain root on router
Impact
Pivot to LAN or hijack DNS
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the router's HTTP administration interface and authenticated access at admin/low-privilege level (CVSS PR:L) to invoke the /goform/formSysLog endpoint with a malicious current_page parameter; no user interaction is required (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) scores 7.4 and indicates network-reachable, low-complexity exploitation with low privileges required and full confidentiality/integrity/availability impact on the device - meaning an attacker needs valid (often default) admin credentials to reach the vulnerable endpoint, which substantially limits mass exploitation but is trivially bypassed where default credentials remain unchanged. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with valid (or default) admin credentials to the router's web interface sends a crafted HTTP request to /goform/formSysLog with an oversized current_page parameter, overflowing the stack buffer in formSysLog and overwriting the saved return address to redirect execution to attacker-controlled shellcode or a ROP chain. Because a public PoC is hosted on GitHub, low-skill adversaries can reproduce the attack to gain code execution as the router's web daemon (typically root on these embedded devices), enabling DNS hijacking, persistent botnet implants, or pivoting into the LAN.
Remediation No vendor-released patch identified at time of analysis - TRENDnet has publicly declined to investigate or fix the issue because the TEW-432BRP has been end-of-life since 2009, so the only durable remediation is decommissioning and replacing the device with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: conduct network inventory to identify active TEW-432BRP devices and document firmware versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10159 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy