Skip to main content

TRENDnet TEW-432BRP CVE-2026-10181

| EUVD-2026-33503 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-88p4-r3v2-m497
Buffer Overflow Stack Overflow Tew 432Brp
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 13:28 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 13:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 13:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 13:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 13:20 vuln.today

DescriptionCVE.org

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file /goform/formSysCmd. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed TEW-432BRP web UI
Delivery
Obtain or default-guess admin credential
Exploit
POST oversized submit-url to /goform/formSysCmd
Install
Overflow stack buffer in formSysCmd
C2
Hijack saved return address
Execute
Execute shellcode as httpd/root
Impact
Pivot into LAN or persist on router
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Attacker must be able to reach the device's HTTP management interface (LAN-side by default, or WAN-side if the owner enabled remote administration) and must possess valid web UI credentials, since CVSS PR:L indicates low-privileged authentication is required - on these consumer routers that is frequently the unchanged factory default admin password. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4 and indicates a network-reachable, low-complexity attack that nonetheless requires low-level privileges (PR:L) - meaning a valid web UI credential, which on these consumer routers is often the unchanged default. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or guessed a low-privileged web UI credential (or reaches an internet-exposed admin interface where defaults remain) sends a single HTTP POST to /goform/formSysCmd with an overlong submit-url parameter, overflowing the stack buffer in formSysCmd and overwriting the saved return address to redirect execution. Because the public GitHub PoC at wudipjq/my_vuln/TRENDnet/vuln_18 already demonstrates the crash primitive, weaponization to a root shell on the router is a straightforward next step for an attacker willing to fingerprint the exact firmware build.
Remediation No vendor-released patch identified at time of analysis - TRENDnet has publicly declined to fix the issue because the TEW-432BRP has been EOL since 2009, so the primary remediation is hardware replacement with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Scan network infrastructure for any TEW-432BRP devices on firmware version 3.10B20; immediately isolate discovered units from internet access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10181 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy