CVE-2026-10120
Stack-Based Buffer Overflow in TRENDnet TEW-432BRP
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-432brp | 3.10b20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-10120 is a stack-based buffer overflow vulnerability found in the TRENDnet TEW-432BRP router firmware, specifically in the function formSetFirewallRule accessed via the /goform/formSetFirewallRule endpoint.
The vulnerability occurs because the 'firewall_name' parameter is copied into a local stack variable without proper input validation or sanitization. An attacker can send a specially crafted POST request with an overly long string to overwrite the function's return address on the stack.
This causes the router to crash and become unresponsive, disrupting its services. The attack can be executed remotely.
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service condition by crashing the affected TRENDnet router, making it unresponsive and disrupting network services.
Because the exploit is publicly available and can be triggered remotely with low complexity, attackers can easily exploit this flaw to interrupt your network connectivity.
Additionally, since the vulnerability allows overwriting the return address, it could potentially be leveraged for more advanced attacks, although the primary known impact is service disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the '/goform/formSetFirewallRule' endpoint with a long string in the 'firewall_name' parameter. If the device crashes or becomes unresponsive, it indicates the presence of the vulnerability.
A detection command example using curl would be:
- curl -X POST -d "firewall_name=$(python3 -c 'print("a"*1000)')" http://<router-ip>/goform/formSetFirewallRule
If the router crashes or stops responding after this request, it confirms the vulnerability due to the stack-based buffer overflow caused by the long 'firewall_name' input.
What immediate steps should I take to mitigate this vulnerability?
Since the affected TRENDnet TEW-432BRP product has been end-of-life for 15 years and no patches or fixes are available, immediate mitigation steps include:
- Isolate the vulnerable device from untrusted networks to prevent remote exploitation.
- Disable remote management or access to the device if possible.
- Replace the device with a supported and updated router model to ensure security patches and vendor support.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.