CVE-2026-10062
Analyzed Analyzed - Analysis Complete
Stack-Based Buffer Overflow in TRENDnet TEW-432BRP

Publication date: 2026-05-29

Last updated on: 2026-06-03

Assigner: VulDB

Description
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-03
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-10062
EUVD
EUVD-2026-33322
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-432brp_firmware 3.10b20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

However, since the vulnerability allows remote exploitation causing a stack-based buffer overflow that can disrupt router services, it could indirectly affect compliance by compromising network availability and potentially the security of data transmitted through the affected device.

Given that the affected product is end-of-life and no fixes are available, organizations relying on this device may face challenges in maintaining compliance with security requirements mandated by such regulations.

Executive Summary

CVE-2026-10062 is a stack-based buffer overflow vulnerability in the TRENDnet TEW-432BRP router, specifically in the function formSetRoute accessed via /goform/formSetRoute.

The vulnerability occurs because the 'ip' parameter in an HTTP POST request is copied directly into a local stack variable without proper input validation or length checks.

An attacker can exploit this by sending a specially crafted long string as the 'ip' value, which overwrites the function's return address, causing the router to crash and become unresponsive.

This vulnerability can be exploited remotely and is due to insufficient input sanitization in the parameter extraction process.

Impact Analysis

Exploitation of this vulnerability can cause the affected TRENDnet router to crash and become permanently unresponsive, disrupting network services.

This denial of service can interrupt internet connectivity or internal network operations, potentially affecting business continuity or personal network usage.

Since the device is no longer supported and cannot be patched, the risk remains unless the device is replaced.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/formSetRoute endpoint with an abnormally long string in the 'ip' parameter. If the device crashes or becomes unresponsive after this request, it indicates the presence of the buffer overflow vulnerability.

A simple detection command using curl could be:

  • curl -X POST http://[router_ip]/goform/formSetRoute -d "ip=$(python3 -c 'print("a"*500)')&mask=255.255.255.0&gateway=192.168.0.1"

If the router crashes or stops responding after this command, it confirms the vulnerability.

Mitigation Strategies

Since the affected TRENDnet TEW-432BRP device has been end-of-life for 15 years and no patches or fixes are available, immediate mitigation steps include:

  • Remove or isolate the vulnerable device from the network to prevent remote exploitation.
  • Replace the device with a supported and updated router model that receives security patches.
  • If replacement is not immediately possible, restrict access to the device's management interface by limiting IP addresses that can reach it or disabling remote management.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart