CVE-2026-10064 - Vulnerability Details

- TRENDnet TEW-432BRP formSetPortTr stack-based overflow

Description

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Published: 2026-05-29

Score: 5.3 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The TRENDnet TEW‑432BRP 3.10B20 firmware suffers from a stack‑based buffer overflow (CWE‑119, CWE‑121) in the formSetPortTr function of /goform/formSetPortTr. By delivering a specially crafted special_name argument, an attacker can overflow the stack and execute arbitrary code. The flaw is exploitable remotely over the network, and the public exploit code has been released. Because the device has been End‑of‑Life since 2009, no patch is available from the vendor.

Affected Systems

Only the TRENDnet TEW‑432BRP model running firmware 3.10B20 is affected. No other versions or revisions are listed. The product has been end‑of‑life since 2009 and is no longer supported by the vendor, meaning no vendor patch is available.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity, but the public nature of the exploit and lack of vendor remediation raise the practical risk. The vulnerability can be triggered by sending a crafted HTTP request to /goform/formSetPortTr from any remote host that can reach the device. Its likelihood of exploitation is uncertain without an EPSS score, yet the presence of an exploit in public repositories suggests that motivated attackers could target exposed units. The device is not listed in the CISA KEV catalog, but that does not diminish the potential impact faced by users who still keep the device connected to untrusted networks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TRENDnet

TEW-432BRP

affected

Version	Status	Constraints
`3.10B20`	affected	—

No data.

Vendor Product Confidence Versions

Trendnet

Tew-432brp

95%

Version	Status	Scheme	Platform
`3.10B20`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Replace the TEW‑432BRP with a supported, maintained device that does not contain the vulnerability, thereby eliminating the stack‑based overflow (CWE‑119, CWE‑121).
Restrict inbound traffic to the device by disabling remote management or configuring the firewall to block all but trusted IP addresses from accessing the /goform/formSetPortTr endpoint.
Implement network segmentation so that the device resides in a low‑trust segment separate from critical infrastructure, and monitor for anomalous traffic toward the device.

Generated by OpenCVE AI on May 29, 2026 at 17:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_5/5.md
https://vuldb.com/submit/814760
https://vuldb.com/vuln/367150
https://vuldb.com/vuln/367150/cti

History

Fri, 29 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Title		TRENDnet TEW-432BRP formSetPortTr stack-based overflow
First Time appeared		Trendnet Trendnet tew-432brp
Weaknesses		CWE-119 CWE-121
CPEs		cpe:2.3:a:trendnet:tew-432brp::::::::
Vendors & Products		Trendnet Trendnet tew-432brp
References		https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_5/5.md https://vuldb.com/submit/814760 https://vuldb.com/vuln/367150 https://vuldb.com/vuln/367150/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Trendnet Tew-432brp

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-29T14:45:07.539Z

Updated: 2026-05-29T14:45:07.539Z

Reserved: 2026-05-29T08:19:58.911Z

Link: CVE-2026-10064

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-29T16:16:23.020

Modified: 2026-05-29T16:33:43.467

Link: CVE-2026-10064

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T18:30:04Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object