Description
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-29
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack‑based buffer overflow in the formWPS function of the /goform/formWPS endpoint. A specially crafted value supplied for the peerPin argument overflows a local buffer, corrupting stack memory and permitting an attacker to execute arbitrary code. This type of vulnerability is typically classified as a remote code execution risk because it can be triggered via an untrusted input from the network.

Affected Systems

TRENDnet TEW‑432BRP consumer‑grade router running firmware version 3.10B20. The device has been End‑of‑Life since 2009 and no security updates are available.

Risk and Exploitability

The CVSS score of 8.7 reflects a high impact level, and the exploit is publicly available, so attackers have a working proof of concept. The EPSS score is not available, so the precise likelihood of exploitation is unknown, but the lack of a vendor fix and the public nature of the exploit increase the risk. The exploit can be performed from any remote machine that can reach the device’s HTTP interface; no local privileges are required, although the CVSS vectors recorded for this entry (PR:L, and Au:S in CVSS 2.0) indicate that an authenticated, low-privileged session on that interface is needed. The vulnerability is not listed in the CISA KEV catalog, yet its high severity and public exploit suggest that it should be treated with urgency by administrators who still maintain the device.

Generated by OpenCVE AI on May 29, 2026 at 15:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or restrict HTTP access to the /goform/formWPS endpoint for all untrusted IP addresses, effectively limiting the attack surface and mitigating the buffer overflow identified in CWE-119.
  • Configure the network to enforce strict input length validation on peerPin, ensuring it never exceeds the expected maximum size; this addresses the buffer overflow weakness (CWE-119).
  • If the router supports stack protection, enable stack canaries or address space randomization to defend against stack‑based buffer overflows (CWE-121).
  • Replace the EOL TEW‑432BRP router with a newer, supported model that incorporates bounds checking and stack protection mechanisms (CWE-119 and CWE-121).
  • Implement continuous monitoring of HTTP traffic to detect anomalous POST requests to /goform/formWPS, and alert administrators of suspicious activity to mitigate exploitation attempts.
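
The monitoring action in the last bullet, as an added example (not code from OpenCVE, VulDB or TRENDnet): it inspects captured HTTP requests, such as those logged by a proxy or IDS in front of the router, and flags any request to /goform/formWPS whose peerPin is longer than a WPS PIN or is not numeric. The 8-digit limit, the function name and the sample requests are assumptions made for the example.

```python
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/goform/formWPS"   # endpoint named in the advisory
MAX_PIN_LEN = 8                   # assumption: a WPS PIN is 8 decimal digits


def inspect_request(raw: bytes) -> list[str]:
    """Return the reasons a captured HTTP request looks anomalous (empty = benign)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return []
    method, target, _version = parts
    url = urlsplit(target)
    # Decode the path so percent-encoded spellings of the endpoint still match.
    if unquote(url.path).rstrip("/").lower() != TARGET_PATH.lower():
        return []
    # peerPin may arrive in the query string or in a form-encoded body.
    fields = parse_qs(url.query, keep_blank_values=True)
    body_fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for key, values in body_fields.items():
        fields.setdefault(key, []).extend(values)
    findings = []
    for pin in fields.get("peerPin", []):
        if len(pin) > MAX_PIN_LEN:
            findings.append(f"{method} peerPin length {len(pin)} exceeds {MAX_PIN_LEN}")
        elif pin and not pin.isdigit():
            findings.append(f"{method} peerPin contains non-digit characters")
    return findings


# Constructed sample requests (not real traffic); 192.0.2.1 is a documentation address.
HDR = b" HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"
SAMPLES = {
    "normal": b"POST /goform/formWPS" + HDR + b"peerPin=12345670",
    "oversized": b"POST /goform/formWPS" + HDR + b"peerPin=" + b"1" * 64,
    "encoded_path": b"POST /goform/%66ormWPS" + HDR + b"peerPin=12ab",
    "other_page": b"GET /index.asp" + HDR,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw) or "ok")
```
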



Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Values Removed: none
Values Added:
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 29 May 2026 14:45:00 +0000

Values Removed: none
Values Added:
  • Description: identical to the Description at the top of this page
  • Title: TRENDnet TEW-432BRP formWPS stack-based overflow
  • First Time appeared: Trendnet; Trendnet tew-432brp
  • Weaknesses: CWE-119, CWE-121
  • CPEs: cpe:2.3:a:trendnet:tew-432brp:*:*:*:*:*:*:*:*
  • Vendors & Products: Trendnet; Trendnet tew-432brp
  • References:
  • Metrics:
      cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-29T16:12:06.456Z

Reserved: 2026-05-29T08:19:56.111Z

Link: CVE-2026-10063

Vulnrichment

Updated: 2026-05-29T16:11:57.203Z

NVD

Status: Awaiting Analysis

Published: 2026-05-29T15:16:22.240

Modified: 2026-05-29T15:42:56.873

Link: CVE-2026-10063

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T16:30:02Z

Weaknesses