CVE-2026-10061
Awaiting Analysis - Queue
Command Injection in TRENDnet TEW-432BRP

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: VulDB

Description
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: trendnet
Product: tew-432brp
Version / Range: to 2009 (exc)
CWE
CWE-77: The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74: The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-10061 is a command injection vulnerability found in the TRENDnet TEW-432BRP router, specifically in the formWPS function accessed via the /goform/formWPS endpoint.

An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request with the peerPin parameter manipulated to include commands such as 'reboot'.

Due to insufficient input validation, the router executes these injected commands, allowing remote attackers to perform arbitrary command execution.


How can this vulnerability impact me?

This vulnerability can lead to a denial-of-service condition by allowing an attacker to remotely execute commands like rebooting the router.

Such unauthorized command execution can disrupt network availability and potentially allow further exploitation depending on the commands executed.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/formWPS endpoint with the peerPin parameter set to a command such as reboot. If the device executes the command, it is vulnerable.

A detection command example using curl would be:

  • curl -X POST http://[router_ip]/goform/formWPS -d "peerPin=reboot"

If the router reboots or responds in a way indicating command execution, the vulnerability is present.
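
A passive check for the same condition, as an added example that is not part of the original page: it flags requests to /goform/formWPS whose peerPin is not a plain WPS PIN, without sending anything to the device. It assumes a WPS PIN is 4 or 8 decimal digits and that raw HTTP requests are available from a proxy or packet capture; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

WPS_PIN = re.compile(r"[0-9]{4}|[0-9]{8}")  # assumption: 4- or 8-digit WPS PIN
TARGET_PATH = "/goform/formWPS"             # endpoint named in the advisory


def suspicious_peer_pins(raw_request: str) -> list[str]:
    """Return peerPin values in one raw HTTP request that are not a plain PIN."""
    head, _, body = raw_request.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:
        return []  # not a parsable request line
    method, target = request_line[0], request_line[1]
    url = urlsplit(target)
    # Path compared case-insensitively so the check errs on the side of matching.
    if url.path.rstrip("/").lower() != TARGET_PATH.lower():
        return []
    # peerPin may arrive in the query string or in the form-encoded body;
    # parse_qs percent-decodes values before they are checked.
    params = parse_qs(url.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body.strip(), keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    # Allow-list: anything that is not 4 or 8 digits is reported.
    return [v for v in params.get("peerPin", []) if not WPS_PIN.fullmatch(v)]


def scan(requests):
    """Return (index, values) for every request carrying a non-PIN peerPin."""
    return [(i, bad) for i, r in enumerate(requests) if (bad := suspicious_peer_pins(r))]


# Constructed sample traffic (192.0.2.1 is a documentation address).
SAMPLE_REQUESTS = [
    "POST /goform/formWPS HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\npeerPin=12345670",
    "POST /goform/formWPS HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\npeerPin=reboot",
    "GET /index.htm HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n",
]

if __name__ == "__main__":
    for idx, values in scan(SAMPLE_REQUESTS):
        print(f"request {idx}: peerPin is not a WPS PIN: {values!r}")
```

The check is an allow-list rather than a search for shell metacharacters because the value quoted above, reboot, contains none and would pass a metacharacter filter.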


What immediate steps should I take to mitigate this vulnerability?

Since the affected product TRENDnet TEW-432BRP has been end-of-life for 15 years and no patches are available, immediate mitigation steps include:

  • Isolate the vulnerable device from untrusted networks to prevent remote exploitation.
  • Disable or restrict access to the /goform/formWPS endpoint if possible.
  • Replace the device with a supported and updated router model to ensure security.
