CVE-2026-10180
Deferred Deferred - Pending Action
Command Injection in TRENDnet TEW-432BRP

Publication date: 2026-05-31

Last updated on: 2026-05-31

Assigner: VulDB

Description
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-31
Last Modified
2026-05-31
Generated
2026-06-20
AI Q&A
2026-05-31
EPSS Evaluated
2026-06-19
NVD
CVE-2026-10180
EUVD
EUVD-2026-33500
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
trendnet tew-432brp 3.10b20
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10180 is a command injection vulnerability found in the TRENDnet TEW-432BRP router, specifically in the formSysCmd function accessed via the /goform/formSysCmd endpoint.

An attacker can send a specially crafted HTTP POST request containing a manipulated sysCmd parameter that the device executes without proper input validation.

This allows the attacker to execute arbitrary commands on the device remotely, such as rebooting the router, leading to potential system compromise.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the affected TRENDnet router, which can lead to unauthorized control over the device.

Potential impacts include disruption of network services (e.g., forced reboot), compromise of the router’s integrity, and possibly further exploitation of the network connected to the device.

Since the device is no longer supported or patched by the vendor, the risk remains unmitigated.

Detection Guidance

This vulnerability can be detected by monitoring for HTTP POST requests sent to the `/goform/formSysCmd` endpoint containing the `sysCmd` parameter with suspicious or unexpected values.

A practical detection method is to capture network traffic and look for POST requests targeting `/goform/formSysCmd` with parameters that attempt to inject commands, such as `sysCmd=reboot` or other shell commands.

For example, using command-line tools like curl or network monitoring tools, you can check if such requests are being made.

  • Use tcpdump or Wireshark to filter HTTP POST requests to `/goform/formSysCmd`.
  • Example tcpdump command: `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formSysCmd'`
  • Use curl to test manually: `curl -X POST http://<device-ip>/goform/formSysCmd -d 'sysCmd=reboot'` to see if the device executes the command.
Mitigation Strategies

Since the affected TRENDnet TEW-432BRP device is end-of-life and no patches or fixes are available, immediate mitigation steps focus on limiting exposure and preventing exploitation.

  • Isolate the vulnerable device from untrusted networks, especially the internet.
  • Disable remote management or access to the device's web interface if possible.
  • Implement network-level controls such as firewall rules to block incoming HTTP POST requests to `/goform/formSysCmd`.
  • Monitor network traffic for suspicious requests targeting the vulnerable endpoint.

Ultimately, consider replacing the device with a supported model to ensure security updates and patches.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10180. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart