CVE-2026-10060
Analyzed Analyzed - Analysis Complete
Command Injection in TRENDnet TEW-432BRP

Publication date: 2026-05-29

Last updated on: 2026-06-03

Assigner: VulDB

Description
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-03
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-10060
EUVD
EUVD-2026-33312
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-432brp_firmware 3.10b20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10060 is a command injection vulnerability found in the TRENDnet TEW-432BRP router, specifically in the formSetRoute function of the /goform/formSetRoute endpoint.

The vulnerability arises because the router's web interface does not properly validate or sanitize user input in the IP, mask, and gateway parameters. An attacker can exploit this by injecting malicious commands, such as "reboot", into these parameters.

When the router processes the crafted input, it executes the injected commands, which can lead to unauthorized actions like rebooting the device.

This vulnerability can be exploited remotely via a specially crafted HTTP POST request.

The product affected has been end-of-life (EOL) since 2009, and the vendor does not provide fixes or support for this issue.

Impact Analysis

This vulnerability allows an attacker to remotely execute arbitrary commands on the affected router by injecting malicious input into the IP/mask/gateway parameters.

The immediate impact demonstrated is the ability to cause the router to reboot unexpectedly, which can disrupt network connectivity and availability.

Beyond rebooting, command injection could potentially allow attackers to execute other harmful commands, leading to further compromise of the device or network.

Since the device is no longer supported or patched, the risk remains unmitigated, increasing the likelihood of exploitation.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/formSetRoute endpoint of the TRENDnet TEW-432BRP router and observing if command injection is possible.

For example, a test can be performed by injecting a command such as "reboot" into the IP address field in the POST data. If the device reboots or executes the command, the vulnerability is present.

A sample command using curl to test this might look like:

  • curl -X POST http://[router_ip]/goform/formSetRoute -d "ip=1.1.1.1;reboot&mask=255.255.255.0&gateway=1.1.1.254"

If the router reboots or behaves unexpectedly after this request, it indicates the presence of the command injection vulnerability.

Mitigation Strategies

Since the affected TRENDnet TEW-432BRP product has been end-of-life (EOL) for 15 years and no patches or fixes are available from the vendor, immediate mitigation steps include:

  • Isolate the vulnerable device from untrusted networks to prevent remote exploitation.
  • Disable remote management or access to the router's web interface if possible.
  • Replace the affected device with a supported and updated router model to ensure security patches and support.
  • Monitor network traffic for suspicious POST requests targeting /goform/formSetRoute.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart