CVE-2026-10122: TRENDnet TEW-432BRP Stack Buffer Overflow – End-of-Life Router Vulnerability
A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) within the protocol filter configuration function. An attacker with network access and valid login credentials can send a specially crafted request to overflow a buffer on the router's stack, potentially executing arbitrary code. TRENDnet has confirmed this product reached end-of-life 15 years ago and will not provide patches. While the exploit details are publicly available, this vulnerability poses limited enterprise risk due to the device's age and likely scarcity in production environments.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability resides in the /goform/formSetProtocolFilter endpoint's handling of the protocol_name parameter. Insufficient input validation allows an attacker to supply a parameter value longer than the allocated stack buffer, overwriting adjacent memory including return addresses. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow). Exploitation requires authentication and network access to the device's web interface. The attack vector is network-based with low complexity and no user interaction required post-authentication.
Business impact
Organizations that deployed this router model over a decade ago face potential unauthorized access or device compromise if the equipment remains in service without network segmentation. However, practical impact is minimal: the product's 15-year EOL status means few, if any, production deployments should remain. For organizations discovering legacy instances still active, the risk is elevated only if the router handles critical traffic or sits on a trusted network perimeter. No patches are available, making risk acceptance or hardware replacement the only remediation paths.
Affected systems
Only the TRENDnet TEW-432BRP router model running firmware version 3.10B20 is confirmed affected. The vendor has ceased support and stated no firmware updates are available. Any organization running this exact model is potentially vulnerable. Asset discovery tools should be configured to flag this device model if found on corporate networks.
Exploitability
Exploitation requires two conditions: valid login credentials to access the web management interface, and network connectivity to that interface. The low attack complexity and lack of user interaction (once authenticated) indicate the vulnerability is straightforward to exploit. Public disclosure of the vulnerability increases the likelihood that attack code exists, though no weaponized incidents have been reported. The authentication requirement elevates the barrier slightly but does not eliminate risk in environments with weak credential hygiene or default credentials on legacy devices.
Remediation
No vendor patch exists or will be provided. Organizations must choose between: (1) immediate decommissioning and replacement with current-generation equipment, (2) network segmentation and access control restrictions to limit exposure (firewall rules, VLAN isolation), or (3) formal risk acceptance if the device is deemed critical to legacy system operations. If retained, restrict management interface access to trusted administrative networks only and disable remote access via the internet.
Patch guidance
Verify against TRENDnet's official advisory that no patches are available for this EOL product. The vendor explicitly stated in 2026 that no fixes will be released. Organizations should not delay expecting a security update. Instead, develop a timeline to migrate users of this router to supported equipment or implement compensating network controls if immediate replacement is infeasible. Check your asset inventory now to identify any instances still deployed.
Detection guidance
Use network scanning tools to identify TEW-432BRP devices on your network by querying the device's HTTP management interface for version strings or banners. Monitor authentication logs on any remaining instances for failed login attempts from unusual IP addresses, which may indicate reconnaissance or brute-force activity. Deploy intrusion detection signatures for abnormally large HTTP POST payloads to the /goform/formSetProtocolFilter endpoint. If feasible, disable remote management and restrict access to the device's web interface to a single trusted administrative workstation or network segment.
Why prioritize this
Despite the HIGH CVSS score (8.8), enterprise prioritization should remain moderate to low because the affected product is 15 years out of support and extremely unlikely to be deployed in new or maintained infrastructure. Organizations with confirmed instances of this router should prioritize replacement or isolation, but widespread scanning and urgent patching efforts are not justified. Focus on asset discovery first to determine actual prevalence, then triage based on findings.
Risk score, explained
The CVSS v3.1 score of 8.8 reflects the severity of a remote buffer overflow vulnerability with authentication requirements. The score assumes the device remains on a reachable network and that valid credentials are obtainable. However, real-world risk is substantially lower due to the product's end-of-life status and lack of vendor support. Organizations should apply the CVSS score as an indicator of severity *if exploited*, but weight the overall risk lower when considering that few deployments likely exist and no active exploits have been reported in widespread use.
Frequently asked questions
Should we patch this vulnerability?
No patches are available from TRENDnet. The vendor explicitly stated the product is EOL and unsupported. If you operate this router, your remediation options are hardware replacement, network isolation, or formal risk acceptance. Contact TRENDnet only to verify their support status.
Is this vulnerability being actively exploited in the wild?
The exploit details have been disclosed publicly, but no known widespread attacks or ransomware campaigns leverage this vulnerability as of the latest advisory updates. The authentication requirement and the device's age limit real-world exploitation risk, though opportunistic attacks remain possible if the router is exposed to the internet.
Do we need to alert our customers if we sold or supported this router?
If your organization provided this router to customers as part of a managed service or support contract, you should notify them that the device is unsupported and present remediation options. Provide guidance on replacement timelines and interim security controls. Document the notification for compliance and liability purposes.
Can network segmentation protect us from this vulnerability?
Yes. Restricting management access to the router's web interface via firewall rules or VLAN isolation significantly reduces risk. Deny internet-facing access to the management interface, limit authentication attempts to specific trusted networks, and disable remote management features. This approach is viable as a temporary measure while you plan hardware replacement.
This analysis is based on vendor statements and publicly disclosed vulnerability data as of the publication date. TRENDnet has confirmed this product reached end-of-life in 2009 and will not receive security updates. Organizations should verify the presence and risk posture of affected devices in their own environments. This document is for informational purposes and does not constitute legal, compliance, or security advice. Consult your organization's security and legal teams before making remediation decisions. The presence of a public exploit does not guarantee active exploitation; organizations should conduct their own threat modeling based on their network topology and asset inventory. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGHStack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10121HIGHTRENDnet TEW-432BRP Stack Buffer Overflow