CVE-2026-10182: Command Injection in TRENDnet TEW-432BRP
CVE-2026-10182 is a command injection vulnerability in the TRENDnet TEW-432BRP router firmware version 3. 10B20. The flaw exists in the formWlanSetup function, where manipulation of the 'enrollee' argument can lead to remote command injection. The product has been end-of-life (EOL) since 2009, and the vendor does not provide fixes or support for this vulnerability. The CVSS 4. 0 score rates this issue as medium severity. No official patch or remediation is available due to the product's discontinued status.
AI Analysis
Technical Summary
This vulnerability affects the TRENDnet TEW-432BRP router running firmware 3.10B20. An attacker can remotely exploit a command injection flaw in the formWlanSetup function by manipulating the 'enrollee' parameter. The vendor has confirmed the product is EOL since 2009 and will not issue a fix. The CVSS 4.0 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, and no user interaction needed. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized control or disruption of the router. However, the impact is limited to devices still running this outdated and unsupported firmware version. Since the product is EOL and unsupported, no official remediation is available, increasing risk for those still using the device.
Mitigation Recommendations
No official patch or fix is available because the product has been end-of-life since 2009 and the vendor does not support it. Users are advised to discontinue use of the TRENDnet TEW-432BRP device or replace it with a supported model. Network segmentation or isolating the device from untrusted networks may reduce exposure, but these are not vendor-recommended mitigations.
CVE-2026-10182: Command Injection in TRENDnet TEW-432BRP
Description
CVE-2026-10182 is a command injection vulnerability in the TRENDnet TEW-432BRP router firmware version 3. 10B20. The flaw exists in the formWlanSetup function, where manipulation of the 'enrollee' argument can lead to remote command injection. The product has been end-of-life (EOL) since 2009, and the vendor does not provide fixes or support for this vulnerability. The CVSS 4. 0 score rates this issue as medium severity. No official patch or remediation is available due to the product's discontinued status.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the TRENDnet TEW-432BRP router running firmware 3.10B20. An attacker can remotely exploit a command injection flaw in the formWlanSetup function by manipulating the 'enrollee' parameter. The vendor has confirmed the product is EOL since 2009 and will not issue a fix. The CVSS 4.0 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, and no user interaction needed. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected device, potentially leading to unauthorized control or disruption of the router. However, the impact is limited to devices still running this outdated and unsupported firmware version. Since the product is EOL and unsupported, no official remediation is available, increasing risk for those still using the device.
Mitigation Recommendations
No official patch or fix is available because the product has been end-of-life since 2009 and the vendor does not support it. Users are advised to discontinue use of the TRENDnet TEW-432BRP device or replace it with a supported model. Network segmentation or isolating the device from untrusted networks may reduce exposure, but these are not vendor-recommended mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-30T16:28:30.330Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1c38ade29bf47b5012f49d
Added to database: 5/31/2026, 1:33:33 PM
Last enriched: 5/31/2026, 1:48:40 PM
Last updated: 5/31/2026, 2:48:04 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.