PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10063 TRENDnet CVE debrief

A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router firmware version 3.10B20. The vulnerability resides in the `formWPS` function within the `/goform/formWPS` endpoint, where improper handling of the `peerPin` parameter allows remote attackers to trigger memory corruption. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no user interaction required, and high impact to confidentiality, integrity, and availability. The vendor has explicitly stated this product reached end-of-life in 2009 and will not receive patches. Public exploit availability elevates practical risk despite the aged target surface.

Vendor
TRENDnet
Product
TEW-432BRP
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-29
Original CVE updated
2026-05-29
Advisory published
2026-05-29
Advisory updated
2026-05-29

Who should care

Network administrators maintaining legacy SOHO infrastructure, OT security teams with embedded device responsibilities, threat intelligence analysts tracking router exploitation campaigns, and compliance officers managing unsupported asset inventories

Technical summary

The vulnerability exists in the WPS (Wi-Fi Protected Setup) configuration handler of the TRENDnet TEW-432BRP firmware. The `formWPS` function processes the `peerPin` parameter without adequate bounds checking, permitting stack memory corruption when oversized input is supplied. This is a classic stack-based buffer overflow (CWE-121) with network accessibility. The attack requires authentication context implied by PR:L (Privileges Required: Low) in the CVSS vector, suggesting some form of session or credential may be needed, though the description indicates remote attack possibility. The product's 15-year EOL status means no firmware remediation is available, rendering physical replacement the only definitive mitigation.

Defensive priority

HIGH

Recommended defensive actions

  • Inventory network infrastructure for TRENDnet TEW-432BRP devices and remove from production environments immediately
  • Block or restrict access to /goform/formWPS endpoint at network perimeter if device retirement is not immediately feasible
  • Implement network segmentation to isolate legacy embedded devices from critical assets
  • Monitor for anomalous requests to WPS configuration endpoints containing oversized peerPin parameters
  • Review threat intelligence feeds for indicators of compromise targeting EOL SOHO routers
  • Document exception handling for unsupported devices in risk register with compensating controls

Evidence notes

Vulnerability disclosed via VulDB with CNA-assigned CVSS 4.0 scoring. Vendor EOL statement confirms 2009 discontinuation. Multiple independent references document technical details. NVD status 'Undergoing Analysis' indicates ongoing evaluation. CWE-121 (stack-based buffer overflow) and CWE-119 (improper restriction of operations within buffer bounds) classifications apply.

Official resources

2026-05-29