CVE-2026-10182
Command Injection in TRENDnet TEW-432BRP
Publication date: 2026-05-31
Last updated on: 2026-05-31
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendnet | tew-432brp | 3.10b20 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the TRENDnet TEW-432BRP router, specifically in the function `formWlanSetup`, which is reached through the `/goform/formWlanSetup` endpoint. The handler passes the `enrollee` argument into a system command without neutralizing it, so an attacker who controls that parameter controls part of the command the router runs (CWE-77).
For example, an HTTP POST request with the `enrollee` parameter set to `reboot` causes the router to execute the `reboot` command, because the input is neither validated nor sanitized before being used. This missing input validation is what turns a configuration parameter into unauthorized command execution on the device.
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to execute arbitrary commands on the affected router. In the demonstrated case, an attacker can cause the router to reboot unexpectedly, leading to denial of service and disruption of network connectivity.
Because the device is no longer supported and cannot be patched, the risk remains unmitigated, potentially allowing attackers to exploit this vulnerability repeatedly.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the vulnerable endpoint and observing the response or behavior of the device.
Specifically, sending a POST request to the `/goform/formWlanSetup` URL with the parameter `enrollee` set to a command such as `reboot` can trigger the vulnerability if present.
For example, the following curl command sends the request described above to a device you are authorized to test:

```shell
# Destructive check: if the device is vulnerable, it will reboot.
curl -X POST http://[router_ip]/goform/formWlanSetup -d "enrollee=reboot"
```

If the device reboots, the vulnerability is present. Note that this is a destructive test: it will drop connectivity for everyone behind the router, so run it only against devices you own or have explicit authorization to test, and expect to lose the connection while the device restarts. The absence of a reboot is weaker evidence, since the request may have been rejected for reasons unrelated to the flaw.
What immediate steps should I take to mitigate this vulnerability?
Since the affected product TRENDnet TEW-432BRP has been end-of-life (EOL) for 15 years and the vendor does not provide fixes or support, immediate mitigation options are limited.
Recommended immediate steps include:
- Disconnect the vulnerable device from the network to prevent remote exploitation.
- Replace the device with a supported and updated model that receives security patches.
- If replacement is not immediately possible, restrict network access to the device by using firewall rules or network segmentation to limit exposure.
- Monitor network traffic for POST requests targeting `/goform/formWlanSetup` whose `enrollee` value is not a plausible WPS value (for example, one that contains shell metacharacters or a command word such as `reboot`).
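The monitoring recommendation above, and the detection question earlier on this page, can be turned into a log check. The following is an added example written for this page; it is not tooling from TRENDnet or from the advisory source. It scans request log lines for hits on `/goform/formWlanSetup` and flags `enrollee` values that contain shell metacharacters or that fall outside an expected format. Three things are assumptions rather than facts from the page: the log line layout (timestamp, client IP, quoted request line, quoted body), the notion that a legitimate `enrollee` value is a WPS PIN or a MAC address, and the decision to also inspect the query string, since the advisory only shows the parameter in a POST body.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/goform/formWlanSetup"
TARGET_PARAM = "enrollee"

# Assumption (not stated on the page): on this firmware a legitimate enrollee
# value is a WPS PIN (4 or 8 digits) or a colon-separated MAC address.
# Tune this to what your own device actually sends.
ALLOWED_VALUE = re.compile(r"^(\d{4}|\d{8}|[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5})$")

# Characters that let a value escape the intended command (CWE-77).
METACHARS = re.compile(r"[;&|`$(){}<>\\'\"\n\r]")

# Constructed log format (assumption): ISO timestamp, client IP, quoted
# request line, quoted request body. Adapt the regex to your proxy/IDS export.
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" "(?P<body>.*)"$'
)


def parse_form(encoded):
    """Decode application/x-www-form-urlencoded data into (name, value) pairs.

    Hand-rolled instead of parse_qs so the separator is always '&' regardless of
    Python version, and so percent-encoded metacharacters are decoded before
    inspection (e.g. %3B -> ';').
    """
    pairs = []
    for field in encoded.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def classify_value(value):
    """Return a reason if the enrollee value looks injected, else None."""
    if METACHARS.search(value):
        return "shell metacharacters in value"
    if not ALLOWED_VALUE.match(value):
        return "value outside expected PIN/MAC format"
    return None


def scan_log(lines):
    """Return (timestamp, src_ip, method, value, reason) for each suspicious hit.

    Parameters are taken from the body and from the query string: the advisory
    shows a POST body, but goform handlers commonly read either (assumption).
    """
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue
        params = parse_form(url.query) + parse_form(m["body"])
        for name, value in params:
            if name != TARGET_PARAM:
                continue
            reason = classify_value(value)
            if reason:
                findings.append((m["ts"], m["src"], m["method"], value, reason))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # Legitimate-looking WPS PIN enrollment: no alert.
    '2026-05-31T10:01:02Z 192.168.0.23 "POST /goform/formWlanSetup HTTP/1.1" "ssid=home&enrollee=12345670"',
    # The advisory's payload: a bare command word as the value.
    '2026-05-31T10:01:09Z 192.168.0.77 "POST /goform/formWlanSetup HTTP/1.1" "enrollee=reboot"',
    # Valid-looking PIN followed by a percent-encoded ';' and a command.
    '2026-05-31T10:01:15Z 192.168.0.77 "POST /goform/formWlanSetup HTTP/1.1" "enrollee=12345670%3Breboot"',
    # Same parameter on an unrelated endpoint: out of scope for this check.
    '2026-05-31T10:01:20Z 192.168.0.23 "POST /goform/formOther HTTP/1.1" "enrollee=reboot"',
    # Same parameter delivered in the query string instead of the body.
    '2026-05-31T10:01:25Z 192.168.0.77 "GET /goform/formWlanSetup?enrollee=reboot HTTP/1.1" ""',
]

if __name__ == "__main__":
    for ts, src, method, value, reason in scan_log(SAMPLE_LOG):
        print(f"{ts} {src} {method} enrollee={value!r}: {reason}")
```

Run against the constructed sample, the scanner reports three hits (the bare `reboot`, the percent-encoded `;reboot` suffix, and the query-string variant) and stays quiet on the PIN-shaped value and on the unrelated endpoint. Decoding before matching is the part that matters: a rule that looks for a literal `;` in the raw body misses `%3B`.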
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The available information does not assess any direct impact of this vulnerability on compliance with standards and regulations such as GDPR or HIPAA.
Indirectly, remote command injection on an unsupported device can lead to unauthorized access or loss of availability; where the affected network carries personal or health data that such regulations govern, a successful attack could have compliance consequences, but the sources here make no such determination.