Tew 432Brp
Monthly
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows remote low-privileged attackers to execute arbitrary OS commands by manipulating the `enrollee` parameter in the `/goform/formWlanSetup` wireless configuration handler. The product reached end-of-life in 2009, and TRENDnet has formally and explicitly declined to issue a patch, leaving all deployed units permanently unpatched with no vendor remediation path. Publicly available exploit code exists on GitHub, materially lowering the exploitation barrier, though no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.
Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 enables remote attackers with low-privilege credentials to execute arbitrary OS commands by injecting shell metacharacters into the sysCmd parameter of the /goform/formSysCmd endpoint. A public proof-of-concept exploit is available on GitHub, lowering the barrier to exploitation. The vendor has confirmed no patch will be released - the device has been end-of-life since 2009 - meaning any remaining deployed units are permanently unpatched.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.
Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.
Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.
Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.
Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged, network-based attacker to execute arbitrary OS commands on the device by manipulating the peerPin argument submitted to the formWPS CGI handler at /goform/formWPS. A public proof-of-concept exploit is available on GitHub, confirmed by the E:P modifier in the CVSS 4.0 vector. No patch has been or will ever be released - the vendor explicitly confirmed this router reached end-of-life in 2009, making permanent device replacement the only viable remediation.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows network-reachable authenticated attackers to execute arbitrary OS commands by injecting shell metacharacters into the ip, mask, or gateway parameters of the formSetRoute CGI handler at /goform/formSetRoute. A public proof-of-concept exploit has been disclosed on GitHub. No patch will ever be released - TRENDnet has explicitly confirmed the device reached end-of-life in 2009 and is unable to replicate or remediate the vulnerability, making permanent residual risk the defining characteristic of this CVE.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router allows remote attackers with low privileges to corrupt memory via the enrollee parameter in the formWlanSetup handler at /goform/formWlanSetup. Publicly available exploit code exists, and the vendor has explicitly declined to patch because the device reached end-of-life in 2009. No CISA KEV listing is present, but the combination of public PoC, network-reachable attack surface, and permanent unpatched status makes any internet-exposed unit a standing risk.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows remote low-privileged attackers to execute arbitrary OS commands by manipulating the `enrollee` parameter in the `/goform/formWlanSetup` wireless configuration handler. The product reached end-of-life in 2009, and TRENDnet has formally and explicitly declined to issue a patch, leaving all deployed units permanently unpatched with no vendor remediation path. Publicly available exploit code exists on GitHub, materially lowering the exploitation barrier, though no confirmed active exploitation (CISA KEV) has been recorded at time of analysis.
Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows remote authenticated attackers to corrupt memory via a crafted submit-url argument to the formSysCmd handler at /goform/formSysCmd. Publicly available exploit code exists per VulDB submission and a GitHub PoC, while the device has been end-of-life since 2009 and the vendor has explicitly stated they will not issue a fix. No CISA KEV listing or EPSS score was provided, but the combination of public PoC and abandoned product status makes any exposed device a concrete target.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 enables remote attackers with low-privilege credentials to execute arbitrary OS commands by injecting shell metacharacters into the sysCmd parameter of the /goform/formSysCmd endpoint. A public proof-of-concept exploit is available on GitHub, lowering the barrier to exploitation. The vendor has confirmed no patch will be released - the device has been end-of-life since 2009 - meaning any remaining deployed units are permanently unpatched.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the webpage parameter in the formSetPassword handler at /goform/formSetPassword, with publicly available exploit code increasing risk. The vendor has formally declined to patch this end-of-life device (EOL since 2009), making any deployment permanently vulnerable. CVSS 4.0 rates this 7.4 (High) with proven exploit maturity, though no CISA KEV listing exists at this time.
Stack-based buffer overflow in TRENDnet TEW-432BRP router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the status_statistic parameter in the /goform/formResetStatistic endpoint, potentially leading to code execution or device compromise. Publicly available exploit code exists on GitHub, and the vendor has confirmed the product is end-of-life (EOL since 2009) and will not be patched. No CISA KEV listing or EPSS data is provided in the input, so widespread exploitation status is unconfirmed.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 wireless router allows authenticated remote attackers to corrupt memory via the start_wizard parameter in the /goform/formSetEnableWizard endpoint. Publicly available exploit code exists, and the vendor has confirmed they will not issue a fix because the device has been end-of-life since 2009. EPSS data was not provided, and the CVE is not listed in CISA KEV, but the combination of trivial exploitability and no forthcoming patch makes this a permanent risk for any still-deployed units.
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows authenticated remote attackers to corrupt memory via the current_page parameter handled by the formSysLog function at /goform/formSysLog, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix because the product has been end-of-life since 2009. Affected deployments are unsupported legacy hardware with no remediation path other than replacement.
Stack-based buffer overflow in the TRENDnet TEW-432BRP 3.10B20 wireless router's web interface allows authenticated remote attackers to corrupt memory by sending a crafted server_name parameter to the formPortFw handler at /goform/formPortFw, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists, and the vendor has explicitly refused to issue a fix because the product has been end-of-life since 2009.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the formSetDomainFilter handler at /goform/formSetDomainFilter by manipulating the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. Publicly available exploit code exists, and the vendor has stated the device has been end-of-life since 2009 and will not receive a fix, leaving any internet-exposed unit permanently vulnerable. No CISA KEV listing or EPSS data was provided, but the combination of public PoC and abandoned hardware materially elevates real-world risk.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 routers allows authenticated remote attackers to corrupt memory and likely execute arbitrary code by sending a crafted protocol_name argument to the formSetProtocolFilter handler at /goform/formSetProtocolFilter. Publicly available exploit code exists on GitHub, and the vendor has confirmed the device has been end-of-life since 2009 and will not receive a fix, leaving deployed units permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows remote authenticated attackers to corrupt memory and likely execute arbitrary code by sending crafted keyword_list or keyword parameters to the /goform/formSetUrlFilter endpoint. Publicly available exploit code exists on GitHub, and the vendor has explicitly refused to issue a fix because the device has been end-of-life since 2009. No CISA KEV listing at this time, but the combination of public PoC, network reachability, and unpatched status makes any internet-exposed device a standing target.
Stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20) allows remote authenticated attackers to corrupt memory by manipulating the firewall_name parameter sent to /goform/formSetFirewallRule, potentially leading to arbitrary code execution on the device. Publicly available exploit code exists for this issue, and because the product has been end-of-life since 2009 the vendor has explicitly refused to release a fix, leaving any still-deployed devices permanently vulnerable.
Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 router firmware allows authenticated remote attackers to corrupt memory via the filter_name parameter of the formSetMACFilter handler at /goform/formSetMACFilter, potentially leading to arbitrary code execution or device compromise. Publicly available exploit code exists (published via GitHub), and the vendor has explicitly stated they will not patch because the device reached end-of-life in 2009. Despite a CVSS 4.0 score of 7.4, no CISA KEV listing or EPSS data is provided in the source intelligence.
Stack-based buffer overflow in TRENDnet TEW-432BRP wireless router firmware 3.10B20 allows authenticated remote attackers to corrupt memory via the peerPin parameter handled by the formWPS function in /goform/formWPS, potentially leading to arbitrary code execution or device crash. Publicly available exploit code exists, and the vendor has explicitly declined to issue a fix as the device has been end-of-life since 2009. No CISA KEV listing or EPSS score is provided, but the combination of public POC and unpatchable status materially elevates real-world risk for any device still deployed.
Stack-based buffer overflow in TRENDnet TEW-432BRP router firmware 3.10B20 allows authenticated remote attackers to corrupt memory by sending crafted ip, mask, or gateway parameters to the formSetRoute handler at /goform/formSetRoute, potentially achieving arbitrary code execution on the device. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and because the product has been end-of-life since 2009 the vendor has explicitly declined to issue a fix. No active exploitation has been confirmed via CISA KEV at time of analysis.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows a low-privileged, network-based attacker to execute arbitrary OS commands on the device by manipulating the peerPin argument submitted to the formWPS CGI handler at /goform/formWPS. A public proof-of-concept exploit is available on GitHub, confirmed by the E:P modifier in the CVSS 4.0 vector. No patch has been or will ever be released - the vendor explicitly confirmed this router reached end-of-life in 2009, making permanent device replacement the only viable remediation.
Command injection in TRENDnet TEW-432BRP firmware 3.10B20 allows network-reachable authenticated attackers to execute arbitrary OS commands by injecting shell metacharacters into the ip, mask, or gateway parameters of the formSetRoute CGI handler at /goform/formSetRoute. A public proof-of-concept exploit has been disclosed on GitHub. No patch will ever be released - TRENDnet has explicitly confirmed the device reached end-of-life in 2009 and is unable to replicate or remediate the vulnerability, making permanent residual risk the defining characteristic of this CVE.