Skip to main content

TRENDnet TEW-432BRP EUVD-2026-33505

| CVE-2026-10183 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-31 VulDB GHSA-73fj-3962-8jh6
Buffer Overflow Stack Overflow Tew 432Brp
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 31, 2026 - 14:28 vuln.today
v3 (cvss_changed)
Analysis Updated
May 31, 2026 - 14:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 31, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
May 31, 2026 - 14:22 NVD
8.8 (HIGH) 7.4 (HIGH)
Analysis Generated
May 31, 2026 - 13:50 vuln.today

DescriptionCVE.org

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AnalysisAI

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed TEW-432BRP admin interface
Delivery
Obtain low-privilege/admin session on web UI
Exploit
POST oversized enrollee to /goform/formWlanSetup
Install
Overflow stack buffer and overwrite return address
C2
Execute shellcode as httpd (root)
Execute
Persist via modified firmware config or backdoor account
Impact
Pivot to LAN, intercept traffic, alter DNS
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the device's HTTP administration interface and an authenticated session sufficient to invoke /goform/formWlanSetup (CVSS PR:L), so the attacker must have either valid admin credentials, default/unchanged credentials, a hijacked session, or LAN-side access where the panel is exposed without strong auth. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H scores 7.4 (High), reflecting network reach, low complexity, and full confidentiality/integrity/availability impact on the vulnerable component, but PR:L indicates some authentication or session context is required, which limits drive-by exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has reached the router's web administration interface - for example, a malicious user on the LAN/WLAN, or an external attacker against a unit with WAN-side admin enabled or default credentials - sends a crafted POST to /goform/formWlanSetup with an oversized 'enrollee' value, overwriting the saved return address on the stack. Because the public PoC at github.com/wudipjq/my_vuln demonstrates the crash and offset, weaponization to a working root shell on this mitigation-free MIPS/ARM firmware is well within reach of a moderately skilled attacker. …
Remediation No vendor-released patch identified at time of analysis - TRENDnet has publicly stated it will not produce a fix because the TEW-432BRP has been EOL since 2009, so the only durable remediation is to decommission the device and replace it with a currently supported router. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Conduct network inventory to identify and document all TRENDnet TEW-432BRP 3.10B20 router instances and confirm internet exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-33505 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy