CVE-2026-10061: Command Injection in TRENDnet TEW-432BRP
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
This vulnerability involves a command injection flaw in the TRENDnet TEW-432BRP router firmware version 3.10B20. The issue exists in the formWPS function where the peerPin parameter can be manipulated remotely to inject commands. Because the product has been end-of-life for over 15 years, the vendor does not offer patches or remediation. The vulnerability is publicly known, but no confirmed exploits in the wild have been reported.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially compromising the router. However, the impact is limited to devices running an unsupported and very old firmware version. No active exploits in the wild have been confirmed.
Mitigation Recommendations
No official fix or patch is available due to the product's end-of-life status. Users are advised to replace the affected device with a supported model to mitigate the risk. Patch status is not confirmed; check vendor advisories for any updates, though none are expected.
CVE-2026-10061: Command Injection in TRENDnet TEW-432BRP
Description
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a command injection flaw in the TRENDnet TEW-432BRP router firmware version 3.10B20. The issue exists in the formWPS function where the peerPin parameter can be manipulated remotely to inject commands. Because the product has been end-of-life for over 15 years, the vendor does not offer patches or remediation. The vulnerability is publicly known, but no confirmed exploits in the wild have been reported.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially compromising the router. However, the impact is limited to devices running an unsupported and very old firmware version. No active exploits in the wild have been confirmed.
Mitigation Recommendations
No official fix or patch is available due to the product's end-of-life status. Users are advised to replace the affected device with a supported model to mitigate the risk. Patch status is not confirmed; check vendor advisories for any updates, though none are expected.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-29T08:19:49.839Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a199936e29bf47b50eaf3bc
Added to database: 5/29/2026, 1:48:38 PM
Last enriched: 5/29/2026, 2:18:36 PM
Last updated: 5/31/2026, 4:50:13 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.