CVE-2026-10161: TRENDnet TEW-432BRP Stack Overflow – No Patch Available
A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) in a network-accessible configuration function. An authenticated attacker can send a specially crafted request to the `/goform/formResetStatistic` endpoint with a malicious `status_statistic` parameter that overflows memory and corrupts the stack, potentially leading to code execution or denial of service. The device has been out of support since 2009, and the vendor has explicitly stated they cannot patch this issue.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-31 / 2026-06-17
NVD description (verbatim)
A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file /goform/formResetStatistic. Performing a manipulation of the argument status_statistic results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability is a stack-based buffer overflow (CWE-121) arising from improper input validation (CWE-119) in the formResetStatistic function. The attack vector is network-based and requires low complexity to execute—an authenticated user simply needs to send a request with an oversized or malformed `status_statistic` parameter. The vulnerability corrupts stack memory, which can be leveraged to redirect execution flow or trigger a crash. CVSS 3.1 scores this as HIGH (8.8) due to network accessibility, low attack complexity, and the potential for high confidentiality, integrity, and availability impact.
Business impact
Organizations still operating these routers face a critical but contained risk: the device is 15+ years old and likely in dormant or isolated deployments, reducing real-world attack surface. However, if active on any network—especially in legacy industrial, remote office, or development environments—the vulnerability could allow an attacker with network access to gain full device control or crash the router, disrupting network services. Given the device's age, replacement rather than patching is the only remediation path. The business impact hinges on whether these routers remain in production; many organizations may not even know they still have them deployed.
Affected systems
TRENDnet TEW-432BRP running firmware version 3.10B20 is confirmed affected. This is a consumer-grade 802.11g wireless router from the mid-2000s. Given the firmware version designation, other 3.10 and earlier releases are likely vulnerable. The product reached end-of-life in 2009 and has not received security updates for over 15 years. No patches are available from the vendor.
Exploitability
The vulnerability is exploitable via network access and requires only low-privilege authentication—meaning an attacker must already have credentials or obtain them via separate compromise. The attack is straightforward: send a POST request to the formResetStatistic function with an oversized parameter value. Public exploit code now exists, lowering the barrier for opportunistic attackers. However, real-world exploitation is limited by the scarcity of active deployments and the attacker's need for valid authentication credentials.
Remediation
There is no vendor patch. The device reached EOL in 2009, and TRENDnet has formally declined to support it. The only remediation is to replace the affected router with a supported, current model. Organizations should: (1) identify any remaining TEW-432BRP units in their network; (2) plan immediate decommissioning; (3) if replacement is delayed, isolate the device from untrusted networks and restrict admin access. For brownfield environments where legacy devices cannot be immediately replaced, network segmentation and access controls are critical mitigations.
Patch guidance
No patch is available from TRENDnet. The vendor's end-of-life status, established in 2009, means this device will not receive updates. Organizations must plan for replacement. Check your network inventory for this model using SNMP queries, web interface login attempts, or port scanning for the default HTTP service (port 80). Verify firmware version via the web admin console (default IP often 192.168.0.1). If found, initiate a procurement and deployment plan for a modern replacement router that receives active security updates.
Detection guidance
Monitor for POST requests to `/goform/formResetStatistic` with unusually large or malformed `status_statistic` parameter values. Inspect inbound network traffic for signs of brute-force authentication attempts targeting these devices. Perform regular network scans to identify any remaining TEW-432BRP units—look for the default web interface signature or SNMP identifiers. Review network diagrams and asset inventories for legacy equipment. If the device is present, heighten logging and alerting around authentication and configuration changes.
Why prioritize this
While the CVSS score is HIGH (8.8), the real-world priority is MEDIUM to HIGH with strong caveats. The device is 15+ years old and largely obsolete, so the population of vulnerable systems is small. However, any that remain in active use are sitting ducks: they will never receive a patch, the vulnerability is now public with working exploits, and a single compromise could yield full device control. Prioritize based on whether you can confirm active deployments in your environment; if you have none, the risk is zero. If you do, decommissioning should be urgent.
Risk score, explained
CVSS 3.1 assigns a score of 8.8 (HIGH) based on: network accessibility (AV:N), low attack complexity (AC:L), low privilege requirement (PR:L), no user interaction needed (UI:N), unchanged scope (S:U), and high impact to confidentiality, integrity, and availability (C:H/I:H/A:H). The score reflects the technical severity of a stack overflow on an internet-facing device. However, the practical risk is modulated by the device's obsolescence, small installed base, authentication requirement, and the unlikelihood of it remaining in active, monitored deployments. The business risk is only realized if the device is still operational.
Frequently asked questions
Is there a patch for this vulnerability?
No. TRENDnet confirmed the TEW-432BRP reached end-of-life in 2009 and stated they cannot replicate or fix vulnerabilities in this product. There will be no patches. Mitigation requires device replacement.
How old is this router, and why is it being disclosed now?
The TEW-432BRP is approximately 15+ years old. The vulnerability may have existed since manufacture but was discovered and publicly disclosed recently, likely through security research or a coordinated disclosure process. Its age and lack of vendor support make it a lower priority for most organizations, but any active deployment is at risk.
Do I need to worry about this if I don't use TRENDnet equipment?
Only if you have this specific model (TEW-432BRP) in your network. This vulnerability does not affect other TRENDnet routers or competitors' equipment. Scan your network and asset inventory to confirm whether you have any of these devices.
What if I have one of these routers but can't replace it immediately?
Network segmentation is critical. Isolate the device from untrusted networks, restrict admin access to known IP addresses only, disable remote management, and place it behind a firewall with strict ACLs. Change default credentials if possible, monitor for suspicious activity, and accelerate your replacement timeline. However, these are temporary measures; replacement is the only true fix.
This analysis is based on vendor statements, CVE data, and public vulnerability disclosures as of the publication date. No working exploit code is provided or endorsed. Organizations should verify the presence of affected devices in their environment before taking action. Patch and version information must be confirmed against official vendor advisories. This vulnerability only affects the TRENDnet TEW-432BRP; check your specific hardware model. Risk assessment should account for your network's actual deployment of legacy equipment. For questions or clarification, consult TRENDnet's official security advisories or your network administrator. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGHStack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10121HIGHTRENDnet TEW-432BRP Stack Buffer Overflow