CVE-2026-10122: Stack-based Buffer Overflow in TRENDnet TEW-432BRP
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AI Analysis
Technical Summary
The vulnerability CVE-2026-10122 affects TRENDnet TEW-432BRP version 3.10B20. It is a stack-based buffer overflow triggered by manipulating the protocol_name argument in the /goform/formSetProtocolFilter endpoint. This flaw can be exploited remotely without user interaction and requires low attack complexity and privileges. The vulnerability has a CVSS 4.0 score of 8.7, indicating high severity with high impact on confidentiality, integrity, and availability. The vendor has declared the product end-of-life for over 15 years and will not issue any fixes or mitigations.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution or denial of service on affected devices. Given the high CVSS score and the nature of the buffer overflow, attackers could fully compromise the device. However, the affected product is no longer supported, and no patches or official mitigations are available, increasing the risk for users still operating this hardware.
Mitigation Recommendations
The vendor has explicitly stated that no fix or mitigation will be provided due to the product being end-of-life since 2009. Users are strongly advised to discontinue use of the TRENDnet TEW-432BRP device and replace it with a supported model. There is no official patch or temporary workaround available. Network segmentation or isolating the device from untrusted networks may reduce exposure but does not eliminate the risk.
CVE-2026-10122: Stack-based Buffer Overflow in TRENDnet TEW-432BRP
Description
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_name leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS v4.0
Score 8.7high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-10122 affects TRENDnet TEW-432BRP version 3.10B20. It is a stack-based buffer overflow triggered by manipulating the protocol_name argument in the /goform/formSetProtocolFilter endpoint. This flaw can be exploited remotely without user interaction and requires low attack complexity and privileges. The vulnerability has a CVSS 4.0 score of 8.7, indicating high severity with high impact on confidentiality, integrity, and availability. The vendor has declared the product end-of-life for over 15 years and will not issue any fixes or mitigations.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution or denial of service on affected devices. Given the high CVSS score and the nature of the buffer overflow, attackers could fully compromise the device. However, the affected product is no longer supported, and no patches or official mitigations are available, increasing the risk for users still operating this hardware.
Mitigation Recommendations
The vendor has explicitly stated that no fix or mitigation will be provided due to the product being end-of-life since 2009. Users are strongly advised to discontinue use of the TRENDnet TEW-432BRP device and replace it with a supported model. There is no official patch or temporary workaround available. Network segmentation or isolating the device from untrusted networks may reduce exposure but does not eliminate the risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-29T17:19:26.741Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1affcce29bf47b503eb464
Added to database: 5/30/2026, 3:18:36 PM
Last enriched: 5/30/2026, 3:33:40 PM
Last updated: 5/31/2026, 4:11:19 AM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.