CVE-2026-10063
Description
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TRENDnet TEW-432BRP firmware 3.10B20 has a stack-based buffer overflow via the peerPin argument in the formWPS function, enabling remote code execution.
Vulnerability
The vulnerability resides in the formWPS function of the /goform/formWPS endpoint in TRENDnet TEW-432BRP firmware version 3.10B20. The argument peerPin is copied directly into a stack-based local variable without length validation, leading to a stack-based buffer overflow [1]. The product has been end-of-life since 2009 and is no longer supported by the vendor.
Exploitation
An unauthenticated attacker can trigger the overflow remotely by sending a crafted HTTP POST request to /goform/formWPS with an overly long peerPin value. No authentication is required as the endpoint is accessible without prior login. The exploit is publicly available and includes a proof-of-concept that sends a long string of 'a' characters to crash the device [1].
Impact
Successful exploitation overwrites the return address on the stack, potentially allowing an attacker to execute arbitrary code on the device. This leads to complete compromise of the router's confidentiality, integrity, and availability at the highest privilege level [1].
Mitigation
The vendor has stated that the product has been EOL for 15 years (since 2009) and will not provide a security fix [1]. Users are strongly advised to replace the affected TEW-432BRP unit with a supported and currently maintained router. No workaround is available.
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.10B20
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input length validation in the formWPS function allows a stack-based buffer overflow via the peerPin argument."
Attack vector
An attacker sends a crafted HTTP POST request to `/goform/formWPS` with an overly long `peerPin` parameter. The request requires authentication (Basic auth credentials are included in the PoC). Because the input is not validated before being copied to a stack buffer, the overflow overwrites the return address, enabling arbitrary code execution. The attack is performed remotely over the network [ref_id=1].
Affected code
The vulnerability resides in the function `formWPS` within the file `/goform/formWPS` of the TRENDnet TEW-432BRP firmware version 3.10B20. The `peerPin` argument is copied directly to a stack-based local variable without any length check, leading to a stack-based buffer overflow.
What the fix does
No patch is available. The vendor states the product has been end-of-life since 2009 and will not be fixed. The researcher recommends checking the string content during input extraction to prevent the overflow [ref_id=1]. Without a patch, the only mitigation is to retire or isolate the device.
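The following C sketch is an added illustration, not the TEW-432BRP firmware's code (which the page does not show). It contrasts the unchecked copy pattern the root cause describes with a checked version that validates the `peerPin` value's length and content during input extraction, which is what the researcher recommends. The form-body parser, the 16-byte stack buffer size, the function names `formWPS_unchecked`, `formWPS_checked`, `peer_pin_status` and `long_pin_body`, and the assumption that a WPS PIN is 8 decimal digits are all constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration only; not the TEW-432BRP's real code. */
#define PEER_PIN_BUF 16   /* assumed size of the stack buffer */
#define WPS_PIN_LEN   8   /* a WPS PIN is 8 decimal digits */

/* Locate `key` in an application/x-www-form-urlencoded body and return a
 * pointer to its raw value, storing the value length in *len.
 * Percent-decoding is omitted because it does not affect the length check. */
static const char *form_get(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p != NULL && *p != '\0') {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p != NULL)
            p++;
    }
    return NULL;
}

/* UNCHECKED pattern (the CWE-121 shape the advisory describes): the value is
 * copied into a fixed stack buffer with no length check. It is only called
 * below with a short, well-formed body; an oversized value would overflow. */
static int formWPS_unchecked(const char *body)
{
    char peerPin[PEER_PIN_BUF];
    size_t len;
    const char *v = form_get(body, "peerPin", &len);
    if (v == NULL)
        return -1;
    memcpy(peerPin, v, len);   /* writes past peerPin when len >= PEER_PIN_BUF */
    peerPin[len] = '\0';
    return 0;
}

/* CHECKED version: validate length and character set before any copy.
 * Returns 0 and fills `out` with the NUL-terminated PIN, or a negative code:
 *   -1 parameter missing, -2 wrong length, -3 output buffer too small,
 *   -4 non-digit character. */
int formWPS_checked(const char *body, char *out, size_t outsz)
{
    size_t len;
    const char *v = form_get(body, "peerPin", &len);
    if (v == NULL)
        return -1;
    if (len != WPS_PIN_LEN)
        return -2;                /* oversized values are rejected before the copy */
    if (outsz <= WPS_PIN_LEN)
        return -3;
    for (size_t i = 0; i < len; i++)
        if (!isdigit((unsigned char)v[i]))
            return -4;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Wrapper with a stack buffer of the assumed size, so the status code alone
 * shows whether a given request body would have been accepted. */
int peer_pin_status(const char *body)
{
    char peerPin[PEER_PIN_BUF];
    return formWPS_checked(body, peerPin, sizeof peerPin);
}

/* Build a constructed body "peerPin=" followed by n 'a' characters (n capped),
 * the shape of the crash input the advisory mentions. */
const char *long_pin_body(size_t n)
{
    static char buf[8 + 512 + 1];
    if (n > 512)
        n = 512;
    memcpy(buf, "peerPin=", 8);
    memset(buf + 8, 'a', n);
    buf[8 + n] = '\0';
    return buf;
}

int main(void)
{
    const char *good = "ssid=lab&peerPin=12345670&wps=1";   /* constructed body */
    printf("unchecked, short body: %d\n", formWPS_unchecked(good));
    printf("checked, short body:   %d\n", peer_pin_status(good));
    printf("checked, 500 x 'a':    %d\n", peer_pin_status(long_pin_body(500)));
    printf("checked, non-digit:    %d\n", peer_pin_status("peerPin=1234567x"));
    return 0;
}
```

The point of the checked version is that the decision to reject happens on the length reported by the parser, before a single byte reaches the stack buffer; the character-set check is a secondary hardening step that does not replace the length check.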
Preconditions
- auth: The attacker must have valid credentials to authenticate to the router's web interface (Basic auth).
- network: The attacker must be able to send HTTP requests to the router's management interface over the network.
- input: The `peerPin` parameter must be supplied with a payload exceeding the stack buffer size.
Reproduction
Send a POST request to `/goform/formWPS` with a long `peerPin` value (e.g., hundreds of 'a' characters) as shown in the PoC [ref_id=1]. The router will crash and become unresponsive.
Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.