Description
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-31
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can exploit a stack-based buffer overflow in the formSetWlanEncrypt function of the TEW-432BRP firmware by manipulating the webpage argument. This flaw can lead to arbitrary code execution from a remote location, compromising confidentiality, integrity, and availability of the device. The vulnerability maps to CWE-119 and CWE-121.

Affected Systems

The affected model is the TRENDnet TEW-432BRP, specifically firmware version 3.10B20. No patch or fix is available because the product reached end-of-life in 2009, and the vendor does not support it.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. Although the EPSS score is not published and the vulnerability is not listed in CISA KEV, published exploits demonstrate that the attack can be carried out remotely over HTTP. As the device is no longer maintained, no vendor remediation exists, increasing the likelihood that an attacker could succeed if the device remains exposed.

Generated by OpenCVE AI on May 31, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace the TEW-432BRP unit with an up-to-date, supported device.
  • If replacement is not immediately feasible, physically isolate the unit or place it behind a network segment that is unreachable from external networks.
  • Block or rate-limit access to the /goform/formSetWlanEncrypt endpoint using a firewall or router ACL to prevent remote exploitation attempts.

Generated by OpenCVE AI on May 31, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 31 May 2026 11:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Title TRENDnet TEW-432BRP formSetWlanEncrypt stack-based overflow
First Time appeared Trendnet
Trendnet tew-432brp
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:trendnet:tew-432brp:*:*:*:*:*:*:*:*
Vendors & Products Trendnet
Trendnet tew-432brp
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Trendnet Tew-432brp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-31T11:00:10.666Z

Reserved: 2026-05-30T16:28:21.643Z

Link: CVE-2026-10179

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-31T11:16:47.750

Modified: 2026-05-31T11:16:47.750

Link: CVE-2026-10179

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-31T14:00:04Z

Weaknesses