HIGH 8.8

CVE-2026-10120: TRENDnet TEW-432BRP Buffer Overflow – No Patch Available

A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. An attacker with network access and valid credentials can send a specially crafted request to the firewall configuration function, causing a buffer overflow that crashes the device or potentially executes arbitrary code. The vendor has confirmed the product reached end-of-life in 2009 and will not issue patches. Public exploit code is available.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-119, CWE-121
Affected products
0 configuration(s)
Published / Modified
2026-05-30 / 2026-06-17

NVD description (verbatim)

A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file /goform/formSetFirewallRule. The manipulation of the argument firewall_name results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

4 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability resides in the formSetFirewallRule function within /goform/formSetFirewallRule on the TRENDnet TEW-432BRP. The firewall_name parameter is processed without proper bounds checking, allowing a remote attacker with valid credentials to overflow the stack buffer. This is a classic stack-based buffer overflow (CWE-119, CWE-121) that can lead to denial of service or code execution depending on exploitation technique and device memory layout. The CVSS 3.1 score of 8.8 reflects high severity: network-accessible, low attack complexity, but requiring authenticated access.

Business impact

Organizations still operating the TEW-432BRP face unauthorized access, data interception, and potential remote code execution. An authenticated attacker on the network could pivot to further compromise internal systems, intercept traffic, or disable the gateway entirely. Since the device is over 15 years EOL, no vendor patches will be available; remediation requires hardware replacement or network isolation. For enterprises managing legacy infrastructure, this creates persistent risk unless the device is decommissioned or segmented.

Affected systems

TRENDnet TEW-432BRP firmware version 3.10B20 is the only confirmed affected release. The device is a small business/prosumer wireless router. Because the product has been EOL since 2009, affected inventory is likely limited to legacy deployments in small offices, remote sites, or test environments. Organizations should audit network device inventories to identify any remaining units still in production use.

Exploitability

The vulnerability requires valid credentials to exploit (authentication is required), which moderates immediate risk in untrusted-network scenarios. However, public exploit code is available, lowering the technical barrier for motivated attackers. In internal network environments where account compromise is possible, or in deployments using default credentials, exploitability is straightforward. Remote code execution is possible but not trivial; denial of service is the more reliable outcome.

Remediation

No patch exists and none will be released by the vendor. Immediate options are: (1) replace the device with a supported model, (2) disable remote management and firewall rule modification via network segmentation, or (3) retire the device if it no longer serves critical functions. For organizations unable to replace quickly, isolate the device on a separate management VLAN with restricted access and monitor for suspicious activity. Verify that credential access to the device is limited to authorized administrators.

Patch guidance

No patch is available from TRENDnet. The vendor's statement confirms end-of-life status and lack of maintenance capability. Do not expect vendor-supplied firmware updates. Organizations must pursue hardware replacement as the primary remediation path. When transitioning away from the TEW-432BRP, ensure replacement devices receive regular firmware updates from an active vendor.

Detection guidance

Monitor network traffic for HTTP POST requests to /goform/formSetFirewallRule with unusually long or suspicious firewall_name parameter values. Log all firewall configuration changes on the device if that capability exists. Set up alerts on unexpected device restarts (crash signatures). Deploy network segmentation to restrict administrative access to the device to known management subnets. Since the device is EOL, consider it a candidate for security monitoring appliances or network taps that observe its traffic for anomalies.

Why prioritize this

Although the CVSS score is high (8.8), prioritization depends on actual device presence and deployment context. If the TEW-432BRP is confirmed in your inventory and internet-facing or on a shared network segment with user-accessible systems, treat it as high priority for replacement. If it is isolated, legacy, or already decommissioned, prioritize inventory verification over immediate action. The public exploit availability accelerates risk once an attacker gains network access or credentials.

Risk score, explained

CVSS 3.1 score of 8.8 (HIGH severity) reflects: network-accessible attack vector, low attack complexity, requirement for valid authentication, and high impact to confidentiality, integrity, and availability. The score is not CRITICAL because authentication is required, preventing full remote exploitation from unauthenticated attackers. However, the availability of public exploits and the complete lack of vendor support push the practical risk higher for affected organizations still operating the device.

Frequently asked questions

Do I need to act immediately if I have this router?

If your TEW-432BRP is still active on your network, begin replacement planning now. If it is isolated on a test network or scheduled for retirement, document its status and monitor for any attempts to access it. Immediate replacement is ideal; network segmentation can reduce risk in the interim.

Can I apply a third-party firmware patch?

No supported third-party firmware is available for this device. Using unofficial firmware is not recommended and may introduce additional security risks. Hardware replacement is the safest path.

What if an attacker already has valid credentials to my network?

An authenticated attacker can exploit this vulnerability without additional tricks. Ensure strong password policies, multi-factor authentication on privileged accounts, and regular credential audits. Monitor administrative access logs on the device if available.

Why is this vulnerability being disclosed now if the product is 15 years EOL?

Public disclosure of EOL product vulnerabilities serves as a warning to organizations that may still be unknowingly running the hardware. It also creates an opportunity to identify and retire devices that may pose risk in production environments.

This analysis is based on publicly available information as of the publication date. The TRENDnet vendor statement confirms end-of-life status and lack of fix availability. Organizations should verify the presence of affected devices in their inventory before taking action. This vulnerability only affects the TEW-432BRP model at version 3.10B20; verify your device model and firmware version against vendor documentation. SEC.co does not provide warranty on third-party information or exploit code; use all guidance at your own risk and in accordance with your organization's security policies. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).