CVE-2026-10121: TRENDnet TEW-432BRP Stack Buffer Overflow
A stack-based buffer overflow vulnerability has been discovered in the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. The flaw exists in the URL filter configuration function and can be triggered by sending a specially crafted request containing an oversized keyword list parameter. An attacker with network access and valid credentials can exploit this remotely to crash the device or potentially execute arbitrary code. TRENDnet has confirmed the product reached end-of-life in 2009 and will not be issuing patches.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10121 is a stack-based buffer overflow in the formSetUrlFilter function accessible via the /goform/formSetUrlFilter endpoint. The vulnerability stems from insufficient bounds checking on the keyword_list or keyword parameter, allowing an authenticated attacker to overflow the stack and corrupt memory. This affects TRENDnet TEW-432BRP firmware 3.10B20. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), both indicating memory safety issues. Exploitation requires valid credentials (PR:L per CVSS vector), though the attack is network-accessible and does not require user interaction.
Business impact
Organizations running legacy TRENDnet TEW-432BRP routers face potential network disruption and unauthorized access. A successful exploit could render affected routers inoperable or allow an authenticated insider to gain full device control, potentially compromising network segmentation or enabling lateral movement. Since the product has been unsupported since 2009, no vendor patches will be released. Organizations still relying on this hardware should treat it as inherently unmanageable from a security perspective and plan for replacement or isolation.
Affected systems
The vulnerability impacts TRENDnet TEW-432BRP devices running firmware 3.10B20. This consumer-grade wireless router model has been out of support for 15 years. Any organization or network still operating this equipment is affected if it remains reachable by authenticated users or network segments.
Exploitability
Proof-of-concept exploit code has been published, increasing practical exploitability. The attack requires valid credentials, which limits exposure in air-gapped or tightly controlled environments but raises risk in networks with multiple user accounts or where credentials have been compromised. The CVSS score of 8.8 reflects high impact—confidentiality, integrity, and availability are all threatened—combined with network accessibility and minimal attack complexity. This is a straightforward memory safety bug that skilled attackers can weaponize without significant effort.
Remediation
No patches are available from TRENDnet. Organizations should immediately remove or isolate any TEW-432BRP routers from production networks. Replace affected devices with currently supported hardware from the vendor or alternative manufacturers. If replacement is not immediately feasible, segment these routers to a separate management network with strict access controls, disable remote administration features, and restrict credential access. Monitor these devices closely for unauthorized access attempts.
Patch guidance
Vendor has explicitly stated this product will not receive updates. Do not wait for a patch. Initiate a hardware replacement program immediately. If the device cannot be removed, place it behind additional network controls: restrict administrative access to specific IP ranges, disable any remote management features, change all default credentials to strong values, and consider it a liability rather than a controlled asset. Verify all affected devices in your environment and document their business justification for retention.
Detection guidance
Monitor network logs for POST requests to /goform/formSetUrlFilter with unusually large or malformed keyword_list parameters. Implement network segmentation to isolate these devices and trigger alerts if they receive inbound traffic from unexpected sources. Review device logs for failed or successful authentication attempts, particularly during off-hours. Search asset inventory systems for TEW-432BRP models and cross-reference with active network monitoring to identify instances still in use. Consider these devices unmonitorable in a defense-in-depth sense and prioritize their removal.
Why prioritize this
While the CVSS score is high (8.8), practical urgency is tempered by the fact that this hardware is 15+ years old and likely rare in modern deployments. Organizations that do operate this equipment should treat replacement as a planned infrastructure upgrade rather than an emergency. However, if any TEW-432BRP routers are discovered in use, they represent unpatched, unsupported attack surface and should be removed within your next maintenance window. The publication of exploit code elevates risk for any instance that remains.
Risk score, explained
The CVSS 3.1 score of 8.8 (HIGH) reflects the severity of the vulnerability itself: network-accessible, low attack complexity, memory corruption with full system compromise potential (C:H/I:H/A:H). However, real-world risk is contextual. Deployment in an isolated network or air-gapped environment significantly reduces exposure. Deployment in an internet-facing or multi-user network dramatically increases it. The lack of vendor support means this risk will never be addressed through patching and must be managed through containment or removal.
Frequently asked questions
Is there a patch available?
No. TRENDnet has confirmed this product reached end-of-life in 2009 and will not receive security updates. The only remediation is hardware replacement or network isolation.
Do I need to panic if I have one of these routers?
Not immediately, but you should prioritize replacement. The vulnerability requires valid credentials, so if your router is not exposed to untrusted users or networks, your immediate risk is lower. However, these devices should be retired as part of your standard infrastructure lifecycle. Do not rely on them for security-sensitive operations.
Can this vulnerability be exploited without credentials?
The CVSS vector indicates PR:L (requires low privilege), meaning valid credentials are necessary. If your router is in a closed network with controlled user access, risk is limited. However, if credentials have been compromised or the router is accessible from untrusted segments, exploitation becomes feasible.
What should I do right now?
Inventory your network for any TEW-432BRP devices. For each one found: document its purpose, assess whether it can be replaced immediately, and if not, isolate it to a separate management network with restricted access. Update your asset management records to flag it as unsupported. Include router replacement in your next capital planning cycle.
This analysis is based on published vulnerability data and vendor statements current as of the modification date (2026-06-17). The TEW-432BRP has been unsupported for 15 years; any remaining deployments should be treated as unmanageable infrastructure. Real-world risk depends on network topology, access controls, and credential exposure. Organizations should verify affected hardware in their environment and prioritize replacement in accordance with their own risk tolerance and change management processes. This explainer does not constitute actionable security advice for any specific deployment; consult your own security team and vendor guidance before implementing changes. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGHStack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10122HIGHTRENDnet TEW-432BRP Stack Buffer Overflow – End-of-Life Router Vulnerability