Description
A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-30
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow in the formSetMACFilter routine allows an attacker to supply a malicious filter_name argument that overflows the stack and can cause arbitrary code execution on the device. The vulnerability is identified as CWE-119 and CWE-121, indicating improper bounds checking and stack corruption. Since the flaw is exploitable remotely via the web interface, an attacker could gain control of the TEW-432BRP’s firmware or execute arbitrary commands.

Affected Systems

The affected model is TRENDnet TEW-432BRP running firmware 3.10B20. No other versions are reported to be vulnerable. The product has been end‑of‑life since 2009 and the vendor has publicly stated it is unable to provide a fix.

Risk and Exploitability

The CVSS score of 8.7 classifies this as a high‑severity vulnerability. Although an EPSS score is not available, the public release of an exploit suggests a realistic exploitation probability. The device is not listed in the CISA KEV catalog, but the vulnerability can be triggered through a web request to /goform/formSetMACFilter, making it easily attackable by anyone with network access to the appliance.

Generated by OpenCVE AI on May 30, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the web management interface or restrict access to the /goform endpoint to trusted IP ranges
  • Segregate the device on a separate network segment with strict firewall rules to prevent unauthorized remote connections
  • Replace the EOL TEW‑432BRP with a supported, secure replacement device

Advisories

No advisories yet.

History

Sat, 30 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument filter_name leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Title | | TRENDnet TEW-432BRP formSetMACFilter stack-based overflow
First Time appeared | | Trendnet
 | | Trendnet tew-432brp
Weaknesses | | CWE-119
 | | CWE-121
CPEs | | cpe:2.3:a:trendnet:tew-432brp:*:*:*:*:*:*:*:*
Vendors & Products | | Trendnet
 | | Trendnet tew-432brp
References | |
Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T13:30:09.230Z

Reserved: 2026-05-29T17:19:19.054Z

Link: CVE-2026-10119

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-30T14:16:24.513

Modified: 2026-05-30T14:16:24.513

Link: CVE-2026-10119

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T14:45:25Z