CVE-2026-10123: TRENDnet TEW-432BRP Stack Buffer Overflow - End-of-Life Router Vulnerability
A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) affecting the domain filtering function. An authenticated attacker can exploit this by manipulating domain filter parameters to overflow the stack, potentially gaining control of the device. Notably, this product reached end-of-life in 2009 and is no longer supported by the vendor, meaning no patches will be issued.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file /goform/formSetDomainFilter. Performing a manipulation of the argument blocked_domain/permitted_domain/blocked_domain_list/permitted_domain_list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10123 is a stack-based buffer overflow in the formSetDomainFilter function accessible via the /goform/formSetDomainFilter endpoint on TRENDnet TEW-432BRP firmware 3.10B20. The vulnerability arises from insufficient bounds checking on user-supplied input to the blocked_domain, permitted_domain, blocked_domain_list, or permitted_domain_list parameters. This results in stack memory being overwritten, enabling arbitrary code execution in the router's context. The attack requires network access and valid authentication credentials. The underlying weakness is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
Business impact
For organizations still operating legacy TRENDnet routers from the early 2000s, successful exploitation could result in complete device compromise, including interception of network traffic, lateral movement into internal networks, and persistent backdoor installation. The business risk is amplified by the unavailability of vendor patches and the device's age, making remediation through firmware updates impossible. However, the attack surface is limited to entities still actively using 15+ year-old equipment in production environments.
Affected systems
Only TRENDnet TEW-432BRP devices running firmware version 3.10B20 are affected. The vendor confirmed this product has been end-of-life since 2009 and stated they cannot replicate or fix vulnerabilities in it. No newer firmware versions or alternate products are mentioned in available advisories. Organizations should inventory whether this specific model remains deployed.
Exploitability
The vulnerability has a CVSS 3.1 score of 8.8 (HIGH) with a network attack vector, low attack complexity, and no user interaction required—but it does require valid authentication credentials. While proof-of-concept code has been publicly released, exploiting a 15-year-old router still requires the attacker to be on the network or have valid login credentials. The practical risk depends heavily on network segmentation and credential hygiene in your environment.
Remediation
No vendor patch exists. TRENDnet will not issue fixes for this end-of-life product. The only remediation is device replacement or decommissioning. If the TEW-432BRP remains in production, organizations should immediately plan its removal and replacement with a supported, current-generation router. In the interim, restrict network access to the device's web interface and disable remote management features if available.
Patch guidance
No patch will be released. Contact TRENDnet support to confirm replacement product options and migration paths. Verify your device firmware version via the administrative interface to confirm whether you are running 3.10B20 or another version. If you have older TRENDnet devices, check firmware version and compare against known vulnerable versions, though no patched versions are available for this EOL product.
Detection guidance
Scan your network for TEW-432BRP devices using port 80 (HTTP) or 443 (HTTPS) and attempt to identify the firmware version from the device's web interface response headers or administrative console. Log and monitor any POST requests to /goform/formSetDomainFilter, particularly those with unusually long or suspicious values in domain filter parameters. Correlate with authentication logs to identify whether unauthorized or suspicious accounts accessed the interface. Given the device's age, presence on the network itself may indicate legacy infrastructure requiring broader review.
Why prioritize this
Although the CVSS score is 8.8 (HIGH), prioritization should be context-dependent. If your organization does not operate TRENDnet TEW-432BRP routers, this requires minimal action beyond verification that the device is absent from inventory. If such devices do exist, they represent a critical security liability not due to imminent exploit activity but due to permanent lack of vendor support. Prioritization should focus on device replacement within a defined timeline rather than emergency patching (which is impossible).
Risk score, explained
The CVSS 3.1 score of 8.8 reflects the severity of a remote, unauthenticated-seeming vulnerability with high impact (confidentiality, integrity, availability all compromised). However, the authentication requirement (PR:L in the vector) and the device's extreme age and limited deployment lower practical exploitability in most environments. The score appropriately reflects the technical severity if exploitation occurs, but real-world risk is moderated by the narrow affected population and absence of active threat intelligence reporting this vulnerability in KEV catalogs.
Frequently asked questions
Do I need to patch this immediately?
No patch exists. If you operate a TEW-432BRP, your only option is to replace or decommission the device. Plan replacement within your normal capital equipment cycles, but treat it as a priority due to the permanent lack of vendor support.
What if I cannot replace the device right now?
Isolate it on a restricted network segment, disable any remote management or port forwarding, restrict administrative access to trusted internal IPs only, and monitor for suspicious activity. However, this is a temporary mitigation only; replacement should remain your primary objective.
How can I tell if I have this device?
Search your network for devices responding on port 80/443 with 'TEW-432BRP' in the HTTP headers or web interface. You can also check your network documentation or conduct a physical audit of networking equipment installed before 2010.
Is this actively being exploited in the wild?
While proof-of-concept code has been published, there is no evidence this vulnerability has been added to active threat intelligence or ransomware campaigns. However, its public disclosure means exploitation is technically possible, which is another reason to prioritize device replacement.
This analysis is based on public vulnerability disclosures and vendor statements current as of the publication date. TRENDnet has confirmed this product has been end-of-life since 2009 and will not issue patches. No CVSS score adjustment or KEV listing status should override the fundamental reality that this device cannot be patched. Organizations should verify their own device inventory and threat model before prioritization decisions. SEC.co provides this information for educational and risk management purposes; consult your vendor and security team for deployment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGHStack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10121HIGHTRENDnet TEW-432BRP Stack Buffer Overflow