CVE-2026-10060
Command Injection in TRENDnet TEW-432BRP
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-432brp | 3.10b20 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-10060 is a command injection vulnerability found in the TRENDnet TEW-432BRP router, specifically in the formSetRoute function of the /goform/formSetRoute endpoint.
The vulnerability arises because the router's web interface does not properly validate or sanitize user input in the IP, mask, and gateway parameters. An attacker can exploit this by injecting malicious commands, such as "reboot", into these parameters.
When the router processes the crafted input, it executes the injected commands, which can lead to unauthorized actions like rebooting the device.
This vulnerability can be exploited remotely via a specially crafted HTTP POST request.
The product affected has been end-of-life (EOL) since 2009, and the vendor does not provide fixes or support for this issue.
How can this vulnerability impact me?
This vulnerability allows an attacker to remotely execute arbitrary commands on the affected router by injecting malicious input into the IP/mask/gateway parameters.
The immediate impact demonstrated is the ability to cause the router to reboot unexpectedly, which can disrupt network connectivity and availability.
Beyond rebooting, command injection could potentially allow attackers to execute other harmful commands, leading to further compromise of the device or network.
Since the device is no longer supported or patched, the risk remains unmitigated, increasing the likelihood of exploitation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/formSetRoute endpoint of the TRENDnet TEW-432BRP router and observing if command injection is possible.
For example, a test can be performed by injecting a command such as "reboot" into the IP address field in the POST data. If the device reboots or executes the command, the vulnerability is present.
A sample command using curl to test this might look like:
- curl -X POST http://[router_ip]/goform/formSetRoute -d "ip=1.1.1.1;reboot&mask=255.255.255.0&gateway=1.1.1.254"
If the router reboots or behaves unexpectedly after this request, it indicates the presence of the command injection vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Since the affected TRENDnet TEW-432BRP product has been end-of-life (EOL) for 15 years and no patches or fixes are available from the vendor, immediate mitigation steps include:
- Isolate the vulnerable device from untrusted networks to prevent remote exploitation.
- Disable remote management or access to the router's web interface if possible.
- Replace the affected device with a supported and updated router model to ensure security patches and support.
- Monitor network traffic for suspicious POST requests targeting /goform/formSetRoute.
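One way to implement the monitoring step above, as an added example that is not part of the original advisory or any vendor tooling: it flags POSTs to /goform/formSetRoute whose ip, mask or gateway field is anything other than a plain IPv4 address. The tab-separated record layout (source, method, path, body) and the sample records are assumptions constructed for illustration; adapt the parsing to whatever your proxy or IDS actually logs.

```python
import ipaddress
from urllib.parse import unquote_plus

ENDPOINT = "/goform/formSetRoute"
ROUTE_FIELDS = ("ip", "mask", "gateway")  # field names as used in the advisory's sample request

# Constructed sample records (not real traffic): source, method, path, body.
# The tab-separated layout is an assumption, not a real product's log format.
SAMPLE_LOG = """\
192.0.2.10\tPOST\t/goform/formSetRoute\tip=10.0.5.0&mask=255.255.255.0&gateway=192.168.10.254
198.51.100.7\tPOST\t/goform/formSetRoute\tip=1.1.1.1%3Breboot&mask=255.255.255.0&gateway=1.1.1.254
198.51.100.7\tPOST\t/goform/formSetRoute\tip=1.1.1.1;reboot&mask=255.255.255.0&gateway=1.1.1.254
192.0.2.10\tGET\t/index.htm\t
"""

def is_plain_ipv4(value):
    """True only for a strict dotted-quad with nothing before or after it."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def suspicious_fields(method, path, body):
    """Return {field: decoded value} for route fields that are not a plain IPv4 address."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return {}
    flagged = {}
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %XX and '+' so encoded metacharacters are visible
        if name.lower() in ROUTE_FIELDS and value and not is_plain_ipv4(value):
            flagged[name] = value
    return flagged

def scan(log_text):
    """Return a list of (source, flagged_fields) for every suspicious record."""
    alerts = []
    for line in log_text.splitlines():
        src, method, path, body = line.split("\t", 3)
        hits = suspicious_fields(method, path, body)
        if hits:
            alerts.append((src, hits))
    return alerts

if __name__ == "__main__":
    for src, hits in scan(SAMPLE_LOG):
        print(f"ALERT {src} {ENDPOINT} non-IPv4 route fields: {hits}")
```

Allow-listing the expected value shape, rather than matching specific shell metacharacters, also catches URL-encoded variants of the same input.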