CVE-2026-4172
Awaiting Analysis Awaiting Analysis - Queue
Stack-Based Buffer Overflow in TRENDnet TEW-632BRP HTTP Handler

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: VulDB

Description
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4172
EUVD
EUVD-2026-12218
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-632brp 1.010b32
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-4172 is a stack-based buffer overflow vulnerability found in the TRENDnet TEW-632BRP router, version 1.010B32. It exists in the HTTP POST request handler within the /ping_response.cgi file. The vulnerability arises from improper handling of the "ping_ipaddr" argument, which when manipulated with crafted input, causes a stack overflow.'}, {'type': 'paragraph', 'content': 'An authenticated attacker can exploit this by sending a specially crafted POST request containing an overly long string in the ping_ipaddr parameter. The vulnerability is due to insufficient length validation before copying the input into a stack variable using an unsafe function, leading to the overflow.'}, {'type': 'paragraph', 'content': 'This flaw can lead to denial of service or potentially allow arbitrary code execution on the device.'}] [1, 2, 3]

Impact Analysis

Exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected device.

  • Denial of Service (DoS) by crashing the device.
  • Potential arbitrary code execution, allowing an attacker to run malicious code on the device.
  • Remote exploitation is possible but requires authentication.

Since the vendor has not provided any patches or mitigations, affected users are advised to consider replacing the product to avoid these risks.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for authenticated HTTP POST requests to the /ping_response.cgi endpoint containing an unusually long or malformed ping_ipaddr parameter.'}, {'type': 'paragraph', 'content': "A practical detection method involves capturing and inspecting HTTP POST traffic to the device's web interface, specifically looking for the ping_ipaddr argument in requests to /ping_response.cgi."}, {'type': 'paragraph', 'content': 'Since exploitation requires authentication, detection can also include reviewing device logs for suspicious authenticated POST requests with abnormal ping_ipaddr values.'}, {'type': 'list_item', 'content': 'Use network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /ping_response.cgi.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /ping_response.cgi'"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint with crafted ping_ipaddr parameters to verify if the device is vulnerable.'}] [2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the affected device's web interface to trusted users only, as exploitation requires authentication."}, {'type': 'paragraph', 'content': 'Since no official patch or vendor response is available, consider replacing the affected TRENDnet TEW-632BRP device with a more secure alternative.'}, {'type': 'paragraph', 'content': "Implement network-level controls such as firewall rules to limit access to the device's management interface."}, {'type': 'paragraph', 'content': 'If possible, disable or restrict the HTTP POST handler for /ping_response.cgi or apply input validation filters to the ping_ipaddr parameter to prevent buffer overflow conditions.'}, {'type': 'paragraph', 'content': 'Monitor device logs for suspicious activity and unauthorized POST requests to the vulnerable endpoint.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4172. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart