EUVD-2026-33504
GHSA-8mm7-wgg4-c7ff
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AnalysisAI
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows remote low-privileged attackers to execute arbitrary OS commands by manipulating the enrollee parameter in the /goform/formWlanSetup wireless configuration handler. The product reached end-of-life in 2009, and TRENDnet has formally and explicitly declined to issue a patch, leaving all deployed units permanently unpatched with no vendor remediation path. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires two concrete prerequisites: (1) network-level reachability to the device's HTTP web management interface, and (2) a low-privileged authenticated session on the device (confirmed by CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 6.3 (Medium) reflects network-reachable exploitation (AV:N) with low attack complexity (AC:L), no user interaction required (UI:N), and a limited blast radius with confidentiality, integrity, and availability all rated Low - partially explained by the unchanged scope (S:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with low-privileged credentials to the TEW-432BRP web management interface - obtainable via default credentials, credential stuffing, or brute force against the aging device - submits a crafted HTTP POST request to `/goform/formWlanSetup` with shell metacharacters or command separators embedded in the `enrollee` parameter. The firmware's unsanitized command construction passes the injected payload to a system shell, executing attacker-controlled commands with the privileges of the web server process. … |
| Remediation | No vendor-released patch has been identified at time of analysis - TRENDnet has explicitly confirmed they will not provide a fix due to the product's 15-year end-of-life status. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today