Skip to main content

TRENDnet TEW-432BRP EUVD-2026-33326

| CVE-2026-10063 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-29 VulDB GHSA-8wp9-qgxj-6pm5
Buffer Overflow Stack Overflow Tew 432Brp
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 29, 2026 - 15:29 vuln.today
v3 (cvss_changed)
Analysis Updated
May 29, 2026 - 15:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 29, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
May 29, 2026 - 15:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 29, 2026 - 15:16 vuln.today

DescriptionCVE.org

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Locate exposed TEW-432BRP management interface
Delivery
Authenticate with default or weak credentials
Exploit
Send crafted POST to /goform/formWPS with oversized peerPin
Install
Overflow stack buffer and overwrite return address
C2
Execute shellcode as web server (root)
Execute
Persist via firmware/config modification
Impact
Pivot to LAN or enroll in botnet
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) network reachability to the router's HTTP management interface, which is LAN-side by default but is often exposed to the WAN on misconfigured consumer devices, (2) valid low-privilege credentials to the web UI per CVSS PR:L - commonly the unchanged factory default on this product class, and (3) the vulnerable /goform/formWPS endpoint being reachable, which is the case in stock firmware 3.10B20 regardless of whether WPS is actively in use, since the handler is registered at boot. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4 (High) and reflects network-reachable exploitation with low attack complexity but requiring low privileges (PR:L) - meaning a valid web-UI credential is needed, which on consumer routers is frequently the default admin/admin or a weak user-set password. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or guessed a valid management credential (often a default such as admin/admin on legacy SOHO routers) sends an HTTP POST to /goform/formWPS with an oversized peerPin parameter, overflowing the stack buffer in formWPS and overwriting the saved return address to redirect execution into attacker-supplied shellcode. Because public POC code is referenced on GitHub, the exploit is reproducible without independent vulnerability research, and successful exploitation yields code execution on the router with the privileges of the web server process - typically root on embedded devices - enabling traffic interception, DNS hijacking, or recruitment into a botnet.
Remediation No vendor-released patch identified at time of analysis - TRENDnet has publicly stated they will not fix this issue because the TEW-432BRP has been EOL since 2009, so the only durable remediation is to decommission the device and replace it with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all deployed TEW-432BRP units and immediately restrict administrative access to trusted personnel. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-33326 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy