PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-10180 TRENDnet CVE debrief

A remote command injection vulnerability exists in the TRENDnet TEW-432BRP wireless router firmware version 3.10B20. The vulnerability resides in the `formSysCmd` function within the `/goform/formSysCmd` endpoint, where unsanitized input passed to the `sysCmd` parameter permits arbitrary OS command execution. The affected product reached end-of-life (EOL) in 2009—approximately 15 years prior to disclosure—and the vendor has stated it cannot replicate or remediate the issue. The CVSS 4.0 base score of 2.1 (LOW) reflects limited privileges required and low impact on confidentiality, integrity, and availability, though the exploit is publicly disclosed and functional. No CISA KEV listing or known ransomware campaign use is present.

Vendor: TRENDnet
Product: TEW-432BRP
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-31
Original CVE updated: 2026-05-31
Advisory published: 2026-05-31
Advisory updated: 2026-05-31

Who should care

Organizations operating legacy network infrastructure, particularly small-office/home-office (SOHO) deployments still utilizing TRENDnet TEW-432BRP routers. Security teams responsible for asset lifecycle management and network segmentation. Managed service providers supporting environments with unmanaged or aged hardware.

Technical summary

The `formSysCmd` function in `/goform/formSysCmd` fails to sanitize the `sysCmd` argument, allowing an authenticated or otherwise authorized remote attacker to inject and execute arbitrary operating system commands on the TRENDnet TEW-432BRP device. The vulnerability is exploitable over the network and a public proof-of-concept exists. The product has been end-of-life since 2009, and the vendor has explicitly declined to provide a fix.

Defensive priority

low

Recommended defensive actions

  • Remove or replace TRENDnet TEW-432BRP devices from all networks; no vendor patch will be issued due to 15-year EOL status.
  • Block or restrict access to the `/goform/formSysCmd` endpoint at network boundaries if device replacement is not immediately feasible.
  • Segment EOL devices into isolated network zones with no external inbound access and minimal lateral movement paths.
  • Monitor for unauthorized access attempts or anomalous traffic targeting router management interfaces, particularly HTTP/HTTPS requests to `/goform/formSysCmd`.
  • Inventory network infrastructure for additional EOL or unsupported equipment and prioritize replacement based on exposure to untrusted networks.
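
One way to implement the monitoring action above, as an added example that is not part of the original advisory: the script scans web or proxy access logs in Combined Log Format for requests to `/goform/formSysCmd`, decoding percent-encoded paths before matching so an encoded variant is not missed. The log lines, IP addresses and the other request paths are constructed sample data, and matching the path and parameter name case-insensitively is an assumption made to keep the check conservative.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Endpoint and parameter named in the advisory, lowercased for comparison.
# Case-insensitive matching is an assumption, not a documented device behaviour.
ENDPOINT = "/goform/formsyscmd"
PARAM = "syscmd"

# Combined Log Format: client, identity, user, [time], "request line", status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(path):
    """Decode percent-encoding, drop a trailing slash, lowercase."""
    return unquote(path).rstrip("/").lower()

def find_hits(lines):
    """Return one record per request that targets the advisory's endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m["target"])  # handles origin-form and absolute-form targets
        if normalize_path(parts.path) != ENDPOINT:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        hits.append({
            "src": m["src"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            # POST bodies are not in access logs, so this only covers the query string
            "param_in_query": any(k.lower() == PARAM for k in query),
        })
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder parameter value)
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2026:10:00:01 +0000] "GET /status.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/May/2026:10:02:13 +0000] "POST /goform/formSysCmd HTTP/1.1" 200 88',
    '203.0.113.5 - - [31/May/2026:10:05:40 +0000] "GET /goform/%66ormSysCmd?sysCmd=PLACEHOLDER HTTP/1.1" 401 0',
    '192.0.2.10 - - [31/May/2026:10:06:02 +0000] "GET /goform/formOther HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any hit is worth triage on a network that should have no administrative traffic to this device; a hit whose source lies outside the management segment indicates the segmentation or boundary block above is not in effect.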

Evidence notes

Vendor EOL statement is reproduced from the CVE description field. CVSS vector and weakness enumerations (CWE-74, CWE-77) are sourced from NVD metadata. Exploit disclosure is confirmed by reference to a public GitHub repository. Vendor attribution to TRENDnet is derived from the CVE description and reference materials; the vendor field in source metadata is marked low-confidence and flagged for review.
