CVE-2026-10062
Description
A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. It affects the function formSetRoute of the file /goform/formSetRoute. Manipulating the ip, mask or gateway argument causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in TRENDnet TEW-432BRP router's formSetRoute function allows remote unauthenticated attackers to crash the device or execute arbitrary code.
Vulnerability
A stack-based buffer overflow vulnerability exists in the formSetRoute function of the TRENDnet TEW-432BRP router running firmware version 3.10B20. The function is located in the file /goform/formSetRoute and processes the ip, mask, and gateway arguments from HTTP POST requests. These arguments are copied directly into a fixed-size stack buffer without any length validation, leading to a buffer overflow when overly long input is supplied [1].
Exploitation
An attacker with network access to the router's web interface can exploit this vulnerability by sending a crafted POST request to /goform/formSetRoute with an excessively long value for the ip, mask, or gateway parameter. The PoC demonstrates a request using default administrative credentials (admin:admin) and a long ip value that causes the router to crash [1]. While the CVE description states the attack is remotely exploitable, the reference indicates that valid administrative credentials are required to access the vulnerable endpoint.
Impact
Successful exploitation allows an attacker to overwrite the return address on the stack, potentially leading to arbitrary code execution with root privileges on the device. At a minimum, the overflow causes a denial of service by crashing the router. The vendor has confirmed that the product is end-of-life and will not provide a fix [1].
Mitigation
The TRENDnet TEW-432BRP has been end-of-life since 2009, and the vendor explicitly states they will not replicate or fix any vulnerabilities [1]. No patches or workarounds are available. Users are strongly advised to replace the device with a supported model to ensure security.
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.10B20
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input length validation in the formSetRoute function allows stack-based buffer overflow via the ip, mask, and gateway parameters."
Attack vector
An attacker sends a crafted HTTP POST request to `/goform/formSetRoute` with an overly long `ip`, `mask`, or `gateway` parameter. The input is copied directly onto the stack without length checking, overwriting the return address and enabling arbitrary code execution [1]. The attack is remotely exploitable over the network and requires no authentication beyond the default Basic credentials shown in the PoC.
Affected code
The vulnerability resides in the `formSetRoute` function inside the file `/goform/formSetRoute` of the TRENDnet TEW-432BRP firmware version 3.10B20. The function does not validate the length of the `ip`, `mask`, and `gateway` parameters before copying them into stack-local buffers, leading to a stack-based buffer overflow [1].
What the fix does
No patch is available. The vendor states the product has been end-of-life since 2009 and will not replicate or fix the vulnerability [1]. The advisory recommends that string content should be checked during input extraction, but no code fix has been published.
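The kind of check the advisory recommends, applied to the three route fields, could look like the following. This is an added illustration, not TRENDnet firmware code and not code from the advisory; `route_form`, `copy_ipv4_field`, `parse_route_form`, `oversized_ip_result` and the 16-byte field size are assumptions.

```c
#include <arpa/inet.h>
#include <string.h>
#define IPV4_TEXT_MAX 16   /* "255.255.255.255" plus NUL (assumed field size) */

/* Hypothetical parsed form; not the firmware's own structure. */
struct route_form {
    char ip[IPV4_TEXT_MAX], mask[IPV4_TEXT_MAX], gateway[IPV4_TEXT_MAX];
};

/* Copy one field only if it is a well-formed dotted quad that fits dst.
 * Returns 0 on success, -1 if the field is missing, too long or malformed. */
static int copy_ipv4_field(const char *src, char dst[IPV4_TEXT_MAX])
{
    struct in_addr parsed;
    const char *nul;
    if (src == NULL)
        return -1;
    nul = memchr(src, '\0', IPV4_TEXT_MAX);    /* bounded scan for the terminator */
    if (nul == NULL || nul == src)
        return -1;                             /* too long or empty: reject before copying */
    if (inet_pton(AF_INET, src, &parsed) != 1)
        return -1;                             /* check content, not only length */
    memcpy(dst, src, (size_t)(nul - src) + 1); /* at most IPV4_TEXT_MAX bytes */
    return 0;
}

/* Validate all three fields; *out stays zeroed unless every field passes. */
int parse_route_form(const char *ip, const char *mask, const char *gateway,
                     struct route_form *out)
{
    struct route_form tmp = {0};
    memset(out, 0, sizeof *out);
    if (copy_ipv4_field(ip, tmp.ip) || copy_ipv4_field(mask, tmp.mask) ||
        copy_ipv4_field(gateway, tmp.gateway))
        return -1;
    *out = tmp;
    return 0;
}

/* Constructed input: a 980-byte ip value like the one the page describes. */
int oversized_ip_result(void)
{
    char big[981];
    struct route_form f;
    memset(big, 'a', 980);
    big[980] = '\0';
    return parse_route_form(big, "255.255.255.0", "192.168.1.1", &f);
}

int main(void) { return oversized_ip_result() == -1 ? 0 : 1; }
```

The length test runs before any copy, so an oversized field is rejected without touching the destination buffer.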
Preconditions
- network: The attacker must be able to send HTTP requests to the router's web interface (typically on port 80).
- config: The router must be running the affected firmware version 3.10B20.
Reproduction
Send a POST request to `/goform/formSetRoute` with an `ip` parameter containing a long string of `a` characters (e.g., 980 bytes as shown in the PoC). The router will crash and become unresponsive [1].
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.