PatchSiren cyber security CVE debrief
CVE-2026-10121 TRENDnet CVE debrief
A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router firmware version 3.10B20. The vulnerability resides in the `formSetUrlFilter` function within the `/goform/formSetUrlFilter` endpoint, where the `keyword_list`/`keyword` parameter is not properly validated before being copied to a fixed-size stack buffer. This allows remote attackers to execute arbitrary code or cause a denial of service by sending crafted HTTP requests with oversized keyword values. The vulnerability was published on 2026-05-30 and last modified on 2026-06-01. TRENDnet has explicitly stated this product reached end-of-life in 2009 (15 years ago) and will not provide fixes. The exploit has been publicly disclosed. CVSS 4.0 score: 7.4 (HIGH). CWE-121 (Stack-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) apply. No KEV listing or known ransomware campaign use is documented.
- Vendor
- TRENDnet
- Product
- TEW-432BRP
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-30
- Original CVE updated
- 2026-06-01
- Advisory published
- 2026-05-30
- Advisory updated
- 2026-06-01
Who should care
Organizations with legacy TRENDnet TEW-432BRP deployments; network administrators maintaining aging infrastructure; security teams responsible for IoT/embedded device risk management; compliance officers tracking unsupported equipment in regulated environments
Technical summary
The TRENDnet TEW-432BRP 3.10B20 firmware contains a stack-based buffer overflow in the `formSetUrlFilter` function of `/goform/formSetUrlFilter`. The `keyword_list`/`keyword` parameter is copied to a stack buffer without proper bounds checking, enabling remote code execution. The product has been end-of-life since 2009 with no vendor support. Public exploit availability increases immediate risk.
Defensive priority
critical
Recommended defensive actions
- Immediately remove all TRENDnet TEW-432BRP devices from production networks; no patch will be issued due to 15-year EOL status
- Block or restrict access to router management interfaces (TCP 80/443) at network boundaries; do not expose to untrusted networks
- Implement network segmentation to isolate any remaining legacy devices from critical assets
- Monitor for suspicious HTTP POST requests to /goform/formSetUrlFilter containing oversized keyword_list or keyword parameters
- Review network asset inventories to identify and decommission other EOL network infrastructure equipment
- Consider replacement with actively supported router hardware from vendors with defined security update lifecycles
Evidence notes
Vulnerability confirmed by VulDB CNA with published exploit. Vendor EOL statement explicitly acknowledges vulnerability but declines remediation due to 15-year EOL status. NVD status: Deferred.
Official resources
2026-05-30T16:17:04.250Z