CVE-2026-10119: Stack Overflow in TRENDnet TEW-432BRP End-of-Life Router
A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router (firmware version 3.10B20) in the MAC filter configuration function. An authenticated attacker can send a specially crafted request to overflow the stack via the filter_name parameter, potentially allowing code execution on the device. This affects only legacy hardware that has been end-of-life since 2009—the vendor has explicitly stated no patches will be released due to the product's age and lack of ongoing support.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10119 is a stack-based buffer overflow (CWE-119, CWE-121) in the formSetMACFilter function accessible at /goform/formSetMACFilter on the TEW-432BRP. The vulnerability arises from insufficient bounds checking on the filter_name parameter, allowing an authenticated remote attacker to write beyond allocated stack memory. Exploitation does not require user interaction and results in high confidentiality, integrity, and availability impact. The CVSS 3.1 score of 8.8 reflects the severity, though the attack vector requires network access and prior authentication (PR:L). Public exploit disclosure has occurred, increasing real-world risk.
Business impact
Organizations still operating TRENDnet TEW-432BRP devices face potential compromise of router integrity and traffic visibility. A successful exploit could enable lateral movement, traffic interception, or denial of service. However, the impact scope is limited to organizations that have not upgraded infrastructure in the past 15+ years. The lack of vendor support means no official remediation path exists; operational risk depends entirely on network segmentation and device criticality. Organizations should treat continued deployment as a technical debt risk requiring replacement rather than patching.
Affected systems
Only TRENDnet TEW-432BRP routers running firmware version 3.10B20 are affected. This is a legacy consumer/small-office router with end-of-life status since 2009. The vendor has confirmed no patches will be issued. Any organization still deploying this hardware should assume it receives no security updates for any vulnerability class.
Exploitability
The vulnerability requires network access and valid authentication credentials to trigger. While the barrier to exploitation is moderate (authentication required), the public disclosure of this vulnerability and straightforward nature of stack overflow attacks mean exploitation tooling could be readily available or developed. The combination of a disclosed vulnerability, accessible attack surface, and lack of any available patches creates elevated practical risk for any unpatched instance.
Remediation
No vendor patch exists and will not be released. The only remediation is hardware replacement with a supported router model. Organizations using this device should prioritize migration to current hardware with active vendor support. If immediate replacement is not feasible, implement compensating controls: restrict network access to the router's web interface (firewall rules, segmentation), disable MAC filtering if not operationally required, and isolate the router on a monitored network segment.
Patch guidance
Vendor will not issue patches for this end-of-life product. Consult your device inventory and router lifecycle management process to identify any remaining TEW-432BRP deployments and schedule replacement. When evaluating replacement hardware, verify vendor support lifecycle (typically 5-7 years for mainstream products) and confirm security update cadence is acceptable for your risk profile.
Detection guidance
Monitor network traffic to the router's web interface (/goform/formSetMACFilter) for POST requests with unusually large or malformed filter_name parameters. Additionally, check router logs for authentication followed by abnormal process termination or system resets. Since this hardware is legacy, proactive asset discovery is essential—scan your network for TEW-432BRP devices to determine if any remain in production. Indicators of compromise would include unexpected router crashes, configuration changes, or unexplained outbound traffic from the router.
Why prioritize this
Although the CVSS score is 8.8 (HIGH), prioritization should be tempered by the product's end-of-life status and authentication requirement. Organizations with active TEW-432BRP deployments should prioritize replacement or network isolation as part of regular infrastructure modernization. However, this should not be elevated above vulnerabilities in currently supported products unless the device plays a critical role in network security architecture. For most organizations, this vulnerability highlights the importance of device lifecycle management rather than emergency patching needs.
Risk score, explained
The CVSS 3.1 score of 8.8 reflects high severity due to potential for unauthenticated remote code execution impact (C:H, I:H, A:H). However, the Authentication Required (PR:L) component and the product's end-of-life status materially reduce organizational risk. Real-world priority should discount the raw score by considering: (1) how many instances remain in production, (2) network segmentation controls, and (3) the availability of no-cost mitigation (replacement). Organizations with this hardware in demilitarized zones or external-facing roles face higher actual risk than those with it in isolated lab or backup network segments.
Frequently asked questions
Our organization still uses a TRENDnet TEW-432BRP. What should we do immediately?
First, verify whether the device runs firmware 3.10B20 and whether it has internet-facing access. If possible, immediately restrict network access to the router's administrative interface using firewall rules or network segmentation. If MAC filtering is not operationally required, disable it. Begin procurement of a replacement router from a vendor with active support and a documented security update policy. If the router is only used internally on a segmented network, risk is reduced but replacement should remain a near-term objective.
Why won't the vendor patch this vulnerability?
The TRENDnet TEW-432BRP reached end-of-life in 2009—more than 15 years ago. The vendor has no incentive, resources, or feasible method to reverse-engineer and test firmware updates for discontinued hardware. End-of-life declarations are normal in the industry and indicate a product has exceeded its supported lifecycle. This underscores why organizations should have device lifecycle policies that replace hardware before vendor support truly ends.
Can this vulnerability be exploited without authentication?
No. The CVSS vector specifies PR:L (low privilege required), meaning an attacker must have valid login credentials to the router's web interface. This significantly reduces the attack surface compared to unauthenticated remote exploits. However, many routers use default credentials or weak passwords, so this barrier should not be relied upon as sole protection.
Is this vulnerability actively being exploited in the wild?
The vulnerability has been publicly disclosed, and exploit code has been published. While we have no confirmed active exploitation reports, the combination of disclosure and the product's prominence in small office environments suggests opportunistic attacks are possible. This reinforces the urgency of identifying and replacing affected devices before they become automated targets.
This analysis is provided for informational purposes only and does not constitute legal advice or a guarantee of security. The TRENDnet TEW-432BRP has been end-of-life for over 15 years; any organization still deploying it assumes full responsibility for security posture and risk. SEC.co does not provide technical support for discontinued products. Verify all patch and upgrade information directly with the vendor before deployment. Organizations should conduct their own risk assessment based on actual device inventory, network architecture, and operational requirements. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10121HIGHTRENDnet TEW-432BRP Stack Buffer Overflow
- CVE-2026-10122HIGHTRENDnet TEW-432BRP Stack Buffer Overflow – End-of-Life Router Vulnerability