HIGH 8.8

CVE-2026-10062: TRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk

A stack-based buffer overflow vulnerability was discovered in the TRENDnet TEW-432BRP router (firmware version 3.10B20) affecting the route configuration function. An authenticated attacker can send specially crafted requests containing oversized IP, netmask, or gateway parameters to the /goform/formSetRoute endpoint, causing a buffer overflow that enables complete compromise of the device. The vulnerability requires valid login credentials but has been publicly disclosed. Critically, this device reached end-of-life in 2009—over 15 years ago—and the vendor has confirmed no patches or fixes will be developed.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-119, CWE-121
Affected products
2 configuration(s)
Published / Modified
2026-05-29 / 2026-06-17

NVD description (verbatim)

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

4 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in the formSetRoute function within /goform/formSetRoute, where input validation on the ip, mask, and gateway parameters is insufficient. The web interface accepts user-supplied routing configuration data without proper bounds checking before copying it to a fixed-size stack buffer. This classic stack overflow condition allows an authenticated user to overwrite the stack frame, potentially executing arbitrary code with the privileges of the web server process. The CVSS 3.1 score of 8.8 (HIGH) reflects the high confidentiality, integrity, and availability impact, though exploitation requires prior authentication (PR:L). CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow) directly characterize the root causes.

Business impact

For organizations still operating this hardware, compromise could result in complete loss of network routing integrity, potential lateral movement into internal networks, or use of the device as a persistent backdoor. However, the business impact is substantially mitigated by the device's age: any organization relying on 15-year-old networking equipment faces far broader risks from lack of security updates, missing features, and hardware failure. The real concern is legacy environments or poorly maintained infrastructure where such devices may still exist in production unnoticed.

Affected systems

Only TRENDnet TEW-432BRP routers running firmware version 3.10B20 or earlier are affected. This is a consumer-grade wireless router that reached end-of-life in 2009. No updates or newer firmware versions exist from the vendor. Any instance of this device currently in operation is vulnerable; the vendor has explicitly stated they cannot and will not develop fixes due to the device's age.

Exploitability

Exploitation requires valid administrative or user credentials to access the web interface, meaning this is not a pre-authentication remote code execution vector. However, the publicly disclosed vulnerability and straightforward nature of the buffer overflow lower the technical barrier once credentials are obtained. The attack is network-accessible and does not require user interaction beyond crafting a malicious request. For an attacker with internal network access or compromised credentials, weaponization is practical and likely automated.

Remediation

The recommended action is to decommission and replace the TEW-432BRP with current networking hardware from a vendor actively providing security updates. If immediate replacement is impossible, isolate the device on a segregated management network, restrict administrative access to trusted sources only, and monitor for suspicious configuration requests. Do not rely on this device for production network routing given its age and abandoned support status. Any delay in replacement should be treated as technical debt with defined remediation timeline.

Patch guidance

No patch exists or will be released by the vendor. The device reached end-of-life in 2009 and remains unsupported. Firmware version 3.10B20 is the final release, and applying it provides no protection against this vulnerability. Replacement with supported hardware is the only viable mitigation path. Organizations should verify whether this device exists in their inventory and prioritize replacement in capital planning.

Detection guidance

Monitor HTTP requests to the /goform/formSetRoute endpoint for unusually long parameter values, particularly in the ip, mask, and gateway fields. Look for POST requests containing these parameters with values exceeding typical IPv4 notation length (approximately 15 characters for an IP address). Review access logs for authentication attempts preceding such requests. Network IDS/IPS signatures targeting stack overflow attacks on this specific endpoint would be effective. However, detection should be coupled with an aggressive asset inventory program to identify and remove these devices entirely.

Why prioritize this

Despite the HIGH CVSS score, the actual organizational risk is LOW for most modern enterprises because this device is extremely unlikely to exist in current production environments. Prioritization should focus on asset inventory verification: confirm whether any TEW-432BRP units remain in use. If found, immediate replacement is the priority. If not found, this represents a false positive for your environment and can be deprioritized. For legacy environments or unmanaged facilities that might still operate this hardware, the prioritization escalates to HIGH due to the ease of exploitation by insider threats or compromised network access.

Risk score, explained

The CVSS 3.1 score of 8.8 reflects high technical severity: remote network access, low complexity, high impact across confidentiality, integrity, and availability. However, the requirement for authentication (PR:L) and the device's obsolescence create significant contextual modifiers. For organizations without this hardware, risk is negligible. For those with legacy deployments, the risk is substantially higher than the base score suggests due to likely lack of monitoring, network segregation, or incident response procedures around abandoned equipment.

Frequently asked questions

Should we patch our TEW-432BRP routers?

No patches exist. The vendor has confirmed this device cannot be patched and is no longer supported. Your only option is to replace it with a current networking device from an active vendor.

What if we can't replace this router immediately?

Implement strict network segmentation: isolate the device on a dedicated management VLAN, restrict administrative access to a whitelist of trusted IPs, disable remote management if possible, and monitor for suspicious configuration requests. However, treat any delay as temporary technical debt—replacement should be scheduled immediately in your capital planning.

Does this affect our TEW-632BRP or other TRENDnet models?

This specific vulnerability affects only the TEW-432BRP model running firmware 3.10B20 or earlier. However, you should verify the age and support status of all network equipment in your environment. Any hardware approaching or past end-of-life should be candidates for replacement regardless of this CVE.

Is this vulnerability being actively exploited?

The vulnerability is publicly disclosed but is not currently tracked in CISA's Known Exploited Vulnerabilities (KEV) catalog. Exploitation would require network access to the device and valid credentials. However, the device's rarity in modern networks and its trivial attack surface make targeted exploitation unlikely unless discovered in a legacy environment during a network assessment.

This analysis is based on CVE-2026-10062 source data current as of the publication date. The TRENDnet TEW-432BRP is confirmed end-of-life with no vendor support available. Organizations should independently verify their asset inventory to confirm presence or absence of this hardware. Security risk from this vulnerability is heavily contextualized to whether the device exists in your environment—organizations without this hardware should deprioritize this CVE in favor of vulnerabilities affecting supported, in-use systems. This is not a substitute for professional vulnerability assessment or incident response planning tailored to your specific infrastructure. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).