CVE-2026-10063

TRENDnet TEW-432BRP formWPS stack-based overflow

CVSS 8.7 HIGHEPSS 0.9%CWE-119 CWE-121

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

TRENDnet · TEW-432BRP

public PoCs found — 1

cve_referencegithub.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_4/4.mdunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_4/4.md https://vuldb.com/submit/814759 https://vuldb.com/vuln/367149 https://vuldb.com/vuln/367149/cti