CVE-2026-10179: TRENDnet TEW-432BRP Stack Buffer Overflow – End-of-Life Router Vulnerability
A stack-based buffer overflow vulnerability affects the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. An authenticated attacker can send a specially crafted request to the wireless encryption settings function, causing a memory overflow that could lead to remote code execution. The router has been end-of-life since 2009, and the vendor has stated they cannot fix the issue due to the product's age.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-119, CWE-121
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-31 / 2026-06-17
NVD description (verbatim)
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10179 is a stack-based buffer overflow (CWE-119, CWE-121) in the formSetWlanEncrypt function of the TRENDnet TEW-432BRP. The vulnerability exists in the /goform/formSetWlanEncrypt handler and is triggered through improper handling of the webpage parameter. An unauthenticated actor with network access and valid credentials can exploit this to corrupt the stack, potentially achieving arbitrary code execution on the device. The CVSS 3.1 score of 8.8 (HIGH) reflects the network vector, low complexity, and high impact on confidentiality, integrity, and availability—though it does require prior authentication.
Business impact
For organizations still operating this legacy router, exploitation could result in complete compromise of network access controls, potential interception of network traffic, or use of the device as a pivot point for lateral movement. However, since this product reached end-of-life 15 years ago, the primary business risk is operational: many organizations may not even be aware they still have this hardware deployed in closets or remote offices. The advisory highlights the importance of asset inventory and lifecycle management rather than a widespread active threat.
Affected systems
TRENDnet TEW-432BRP running firmware version 3.10B20 and potentially earlier versions. This product line has been out of support since 2009. Affected devices are likely legacy infrastructure in enterprise environments or small business networks that have not undergone recent hardware refreshes.
Exploitability
The vulnerability is remotely exploitable but requires valid credentials to access the web interface, raising the bar from unauthenticated remote attack. Public exploit code is reported to exist, which increases risk for discoverable deployments. The low attack complexity and lack of user interaction needed once authenticated make this a practical concern for anyone still relying on this hardware in production or as part of network perimeter defense.
Remediation
The vendor explicitly will not provide patches due to the product's end-of-life status. Organizations must either decommission affected routers or implement network-level mitigations such as restricting administrative access to the device's web interface via firewall rules, disabling remote management, and isolating the device from untrusted networks. If replacement is infeasible in the short term, strong network segmentation and credential rotation are essential.
Patch guidance
No vendor patch is available or planned. Verify your inventory to identify any TEW-432BRP devices still in operation. For those that cannot be immediately replaced, implement compensating controls: restrict web interface access to trusted administrative networks only, disable remote management features if available, change default credentials to strong values, and consider placing the device behind an additional security appliance that can monitor for exploitation attempts.
Detection guidance
Monitor network access logs for suspicious connections to port 80/443 on identified TEW-432BRP devices. Log attempts to access /goform/formSetWlanEncrypt with malformed or oversized webpage parameters. If you have network traffic analysis tools, flag any requests to this endpoint with unusual payload sizes. Validate that only expected administrative IPs are connecting to the device's management interface. Conduct a full network scan to identify any instances still in use that may have been forgotten.
Why prioritize this
While the CVSS score is high (8.8), the practical priority depends on your environment. If no TEW-432BRP devices exist in your infrastructure, this poses minimal risk. If they do exist, prioritize removal or isolation immediately—not because active exploitation is widespread, but because patches are impossible and the product is entirely unsupported. This is a lifecycle issue masquerading as a vulnerability alert, making it a good forcing function to retire truly obsolete hardware.
Risk score, explained
The CVSS 8.8 reflects a remotely accessible, low-complexity attack that can compromise confidentiality, integrity, and availability once an attacker has valid credentials. The primary limiting factor is the authentication requirement (PR:L), which prevents unauthenticated remote code execution. For legacy infrastructure no longer maintained by any vendor, however, the practical risk transcends the score: any vulnerability on unsupported hardware carries inherent risk because no security updates will ever be issued.
Frequently asked questions
Should we immediately replace all TEW-432BRP routers we find?
Yes, if operationally feasible. This product reached end-of-life in 2009 and will never receive security updates. However, if you cannot replace immediately due to operational constraints, isolate the device to a trusted administrative network and ensure no untrusted user accounts can access it.
Is this vulnerability already being exploited in the wild?
Public exploit code is known to exist, but there is no evidence of widespread exploitation. This does not mean you should deprioritize remediation if you have this hardware—it means you have a window to act before active campaigns begin.
Can we just disable the wireless functionality as a workaround?
Disabling wireless may reduce one attack surface, but the vulnerability is in the web-based management interface. Proper mitigation requires restricting network access to that interface (firewall rules) or removing the device entirely.
How do we find TEW-432BRP devices on our network?
Use network scanning tools to search for devices responding on HTTP/HTTPS ports with TRENDnet signatures in their banners or web interface titles. Cross-reference with your asset inventory. Also check physical locations like server closets, branch offices, and remote sites where legacy equipment tends to linger.
This analysis is based on publicly available CVE data and vendor statements as of the publication date. TRENDnet has confirmed this product is end-of-life and will not receive patches. Organizations should verify their own network inventory before taking action. SEC.co makes no warranty regarding the completeness or accuracy of third-party vulnerability data. Security decisions should incorporate threat modeling specific to your environment, asset inventory, and risk tolerance. If you discover active exploitation in your environment, contact TRENDnet support and consider engaging incident response resources. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10062HIGHTRENDnet TEW-432BRP Stack Overflow – EOL Hardware Risk
- CVE-2026-10063HIGHTRENDnet TEW-432BRP Stack Overflow – End-of-Life Router Vulnerability
- CVE-2026-10065HIGHShibby Tomato 1.28 Stack Buffer Overflow in tomatodata.cgi
- CVE-2026-10066HIGHShibby Tomato Stack Buffer Overflow in UPS Service (RCE)
- CVE-2026-10067HIGHShibby Tomato 1.28 Stack Buffer Overflow in multimon.cgi
- CVE-2026-10119HIGHStack Overflow in TRENDnet TEW-432BRP End-of-Life Router
- CVE-2026-10120HIGHTRENDnet TEW-432BRP Buffer Overflow – No Patch Available
- CVE-2026-10121HIGHTRENDnet TEW-432BRP Stack Buffer Overflow