EUVD-2026-33500
GHSA-jxjp-7j6j-636j
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 enables remote attackers with low-privilege credentials to execute arbitrary OS commands by injecting shell metacharacters into the sysCmd parameter of the /goform/formSysCmd endpoint. A public proof-of-concept exploit is available on GitHub, lowering the barrier to exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network-level access to the TEW-432BRP web management interface and valid low-privilege credentials on the device (confirmed by CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.3 score (Medium) reflects AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - network-exploitable with low complexity but requiring authenticated access (PR:L), which tempers the score relative to unauthenticated variants. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privilege credentials to the TEW-432BRP web interface submits a crafted HTTP POST request to /goform/formSysCmd with shell metacharacters (e.g., semicolons or backtick-delimited commands) appended to the sysCmd parameter value, causing the router firmware to execute attacker-controlled OS commands with the privileges of the web server process. A public proof-of-concept at https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md documents the exact request structure, enabling replication with minimal effort. |
| Remediation | No vendor-released patch is available and none will be issued, as TRENDnet has declared the TEW-432BRP end-of-life since 2009. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today