PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10158 TRENDnet CVE debrief

A stack-based buffer overflow in the TRENDnet TEW-432BRP wireless router permits remote, unauthenticated attackers to execute arbitrary code via a crafted `server_name` parameter in the `/goform/formPortFw` endpoint. The vendor has explicitly declined to issue a fix, noting the product reached end-of-life in 2009 (15 years prior to disclosure) and that it cannot replicate or remediate vulnerabilities for unsupported hardware. Public exploit availability elevates practical risk despite the aged target base.

Vendor
TRENDnet
Product
TEW-432BRP
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-31
Original CVE updated
2026-05-31
Advisory published
2026-05-31
Advisory updated
2026-05-31

Who should care

Organizations with legacy TRENDnet TEW-432BRP deployments, managed service providers maintaining aged client infrastructure, and security teams responsible for IoT/OT asset inventory and network segmentation.

Technical summary

The TRENDnet TEW-432BRP firmware version 3.10B20 contains a stack-based buffer overflow in the `formPortFw` function within `/goform/formPortFw`. The `server_name` argument is not properly bounds-checked, allowing an attacker to overwrite the stack and achieve remote code execution. The attack requires network reachability to the router's web interface and no authentication is needed. The product has been end-of-life since 2009; the vendor has stated it cannot reproduce or fix the flaw. A public exploit is available, increasing the likelihood of active targeting in environments where these devices remain deployed.

Defensive priority

HIGH

Recommended defensive actions

  • Remove TRENDnet TEW-432BRP devices from all production, guest, or management networks immediately; no patch will be issued.
  • Block or restrict access to device management interfaces (TCP 80/443 and any custom admin ports) at network perimeters; do not expose to untrusted networks.
  • Inspect network traffic and logs for requests to `/goform/formPortFw` with oversized or anomalous `server_name` values as potential exploitation indicators.
  • Replace affected devices with actively supported routers and confirm vendor security update policies before procurement.
  • Segment legacy IoT networks with strict egress filtering and monitor for unexpected outbound connections from EOL device subnets.

Evidence notes

Vuldb CNA references confirm the vulnerable function `formPortFw`, the affected argument `server_name`, and stack-based buffer overflow classification (CWE-121). CVSS 4.0 vector from NVD source metadata indicates network attack vector, low attack complexity, no required privileges, and high impacts to confidentiality, integrity, and availability. Vendor EOL statement is reproduced in the CVE description field.

Official resources

Public exploit released; vendor will not fix (EOL since 2009).