CVE-2026-10062 - Vulnerability Details

- TRENDnet TEW-432BRP formSetRoute stack-based overflow

Description

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-05-29

Score: 8.7 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack-based buffer overflow flaw exists in the formSetRoute function of the web interface on TRENDnet TEW‑432BRP devices, allowing a remote attacker to supply crafted IP, mask, or gateway values that overflow a stack buffer. The vulnerability can be exploited over the network without local access, potentially giving an attacker control over the device’s firmware or the ability to execute arbitrary code. Because the affected device is unmaintained, there is no vendor patch available, leaving the risk to persist unmitigated.

Affected Systems

The weakness targets TRENDnet TEW‑432BRP routers running firmware version 3.10B20. This product line has been end‑of‑life since 2009, with no further updates or security support from the manufacturer.

Risk and Exploitability

The flaw carries a CVSS score of 8.7, denoting high severity. Its EPSS score is currently unavailable, and the vulnerability is not listed in CISA’s KEV catalog. The remote attack vector and lack of vendor remediation make it a serious threat to any networks that still deploy these legacy routers. Without a patch, the risk remains unchanged for all affected installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TRENDnet

TEW-432BRP

affected

Version	Status	Constraints
`3.10B20`	affected	—

No data.

Vendor Product Confidence Versions

Trendnet

Tew-432brp

90%

Version	Status	Scheme	Platform
`3.10B20`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Replace the TEW‑432BRP device with a supported model or alternative router.
If replacement is delayed, isolate the device on a separate network segment and block all unsolicited inbound traffic except strictly necessary management ports, preferably requiring VPN or firewall rule restrictions.
Continuously monitor traffic to and from the device for signs of exploitation attempts, and alert the security team if suspicious patterns are observed.

Generated by OpenCVE AI on May 29, 2026 at 15:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_3/3.md
https://vuldb.com/submit/814758
https://vuldb.com/vuln/367148
https://vuldb.com/vuln/367148/cti

History

Fri, 29 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 29 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Title		TRENDnet TEW-432BRP formSetRoute stack-based overflow
First Time appeared		Trendnet Trendnet tew-432brp
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:a:trendnet:tew-432brp::::::::
Vendors & Products		Trendnet Trendnet tew-432brp
References		https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_3/3.md https://vuldb.com/submit/814758 https://vuldb.com/vuln/367148 https://vuldb.com/vuln/367148/cti
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Trendnet Tew-432brp

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-29T13:45:08.247Z

Updated: 2026-05-29T15:34:01.691Z

Reserved: 2026-05-29T08:19:52.890Z

Link: CVE-2026-10062

Vulnrichment

Updated: 2026-05-29T15:33:57.625Z

NVD

Status : Awaiting Analysis

Published: 2026-05-29T15:16:22.073

Modified: 2026-05-29T15:42:56.873

Link: CVE-2026-10062

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:30:03Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object