Description
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Published: 2026-05-31
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow caused by manipulation of the enrollee argument in the formWlanSetup function of the /goform/formWlanSetup file. This flaw allows an attacker to overflow the stack and potentially take control of the device, resulting in remote code execution. The CVSS score of 8.7 indicates a high level of severity.

Affected Systems

The TRENDnet TEW‑432BRP router running firmware version 3.10B20, a product that has been end‑of‑life since 2009. Only this firmware release is known to contain the overflow in the formWlanSetup function; no other TRENDnet devices or newer firmware versions are affected.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, yet the high CVSS score and publicly available exploit demonstrate a serious risk. The attack can be initiated remotely via the device’s web interface, and the vulnerability likely allows unauthenticated access given the lack of mention of authentication. Because the device is unsupported, no vendor patch exists, making the risk persistent until mitigated or the device is replaced.

Generated by OpenCVE AI on May 31, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace or decommission the device, since it is unsupported and cannot be patched.
  • If replacement is not possible, isolate the router on a dedicated VLAN or subnet and restrict all inbound traffic to trusted management networks.
  • Configure firewall or upstream router access control lists to block all ports used by the web interface (typically 80/443) from external networks.
  • Disable any unused web services or features on the device to reduce the attack surface.
  • Monitor device logs and network traffic for repeated access attempts and trigger alerts on suspicious activity.

Generated by OpenCVE AI on May 31, 2026 at 14:35 UTC.

Advisories

No advisories yet.

History

Sun, 31 May 2026 13:30:00 +0000

Changes in this entry (values added; the "Values Removed" column is empty):

  • Description: A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
  • Title: TRENDnet TEW-432BRP formWlanSetup stack-based overflow
  • First Time appeared: Trendnet; Trendnet tew-432brp
  • Weaknesses: CWE-119, CWE-121
  • CPEs: cpe:2.3:a:trendnet:tew-432brp:*:*:*:*:*:*:*:*
  • Vendors & Products: Trendnet; Trendnet tew-432brp
  • References:
  • Metrics:
      cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-31T13:15:08.573Z

Reserved: 2026-05-30T16:28:32.908Z

Link: CVE-2026-10183

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-31T14:16:51.557

Modified: 2026-05-31T14:16:51.557

Link: CVE-2026-10183

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-31T14:45:04Z

Weaknesses