By vendor
Trendnet vulnerabilities
Known CVEs affecting Trendnet products, prioritized by severity, with SEC.co remediation and detection guidance.
5 published vulnerabilities
- CVE-2026-10062HIGH 8.8
A stack-based buffer overflow vulnerability was discovered in the TRENDnet TEW-432BRP router (firmware version 3.10B20) affecting the route configuration function. An authenticated attacker can send specially crafted requests containing oversized IP, netmask, or gateway parameters to the /goform/formSetRoute endpoint, causing a buffer overflow that enables complete compromise of the device. The vulnerability requires valid login credentials but has been publicly disclosed. Critically, this device reached end-of-life in 2009—over 15 years ago—and the vendor has confirmed no patches or fixes will be developed.
- CVE-2026-10063HIGH 8.8
A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) that allows authenticated attackers to remotely crash the device or potentially execute arbitrary code. The flaw is in the WPS (Wi-Fi Protected Setup) configuration function and can be triggered by sending a specially crafted request with an oversized PIN parameter. Critically, this router model reached end-of-life in 2009—over 15 years ago—and TRENDnet has confirmed they will not be providing patches or fixes.
- CVE-2026-10060MEDIUM 6.3
TRENDnet's TEW-432BRP wireless router (firmware version 3.10B20) contains a command injection vulnerability in its route configuration interface. An authenticated attacker can manipulate IP, mask, or gateway parameters to inject arbitrary commands on the device. The vulnerability requires valid credentials but poses a direct threat to affected networks. Critically, this product reached end-of-life in 2009—over 15 years ago—and the vendor has stated it cannot replicate or fix vulnerabilities in legacy hardware.
- CVE-2026-10061MEDIUM 6.3
A command injection vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20), discovered in the WPS configuration function. An authenticated attacker can manipulate the peerPin parameter to execute arbitrary commands on the device. The vulnerability is network-accessible and requires valid login credentials. Notably, this router reached end-of-life in 2009—over 15 years ago—and TRENDnet has stated they cannot replicate or provide fixes for vulnerabilities in this legacy hardware. While exploit code is public, the practical risk is limited to organizations still operating this obsolete equipment in production environments.
- CVE-2026-10064MEDIUM 6.3
TRENDnet has disclosed a remote stack-based buffer overflow vulnerability in the TEW-432BRP wireless router (firmware version 3.10B20 and earlier). An authenticated attacker can exploit this flaw by sending a specially crafted request to the port forwarding configuration endpoint, potentially allowing code execution or denial of service. The vendor has confirmed this product reached end-of-life in 2009 and will not issue patches. Public exploit code is available, elevating the practical risk despite the device's age.