VYPR
Medium severity 6.3 · NVD Advisory · Published May 29, 2026 · Updated May 29, 2026

CVE-2026-10064

Description

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack-based buffer overflow in TRENDnet TEW-432BRP router's formSetPortTr function allows remote code execution; product is EOL since 2009, no fix available.

Vulnerability

The vulnerability is a stack-based buffer overflow in the formSetPortTr function within /goform/formSetPortTr of the TRENDnet TEW-432BRP router firmware version 3.10B20. The special_name parameter is copied directly into a stack buffer without length validation, allowing an attacker to overwrite the return address. [1]

Exploitation

An attacker can exploit this remotely by sending a crafted POST request to /goform/formSetPortTr with an overly long special_name parameter. No authentication beyond the default credentials is required, as the PoC includes an Authorization header with them (admin:admin). The provided PoC causes a crash by overflowing the buffer with 'a' characters. [1]

Impact

Successful exploitation leads to buffer overflow, overwriting the return address, which can be leveraged to execute arbitrary code on the device. The attacker gains full control of the router, potentially enabling further network compromise. [1]

Mitigation

No fix is available as the product has been end-of-life (EOL) since 2009, and the vendor has stated they cannot replicate or fix vulnerabilities. Users are advised to replace the device with a supported model. [1]

AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input length validation in the formSetPortTr function allows a stack-based buffer overflow via the special_name parameter."

Attack vector

An attacker sends a crafted HTTP POST request to `/goform/formSetPortTr` with an overly long `special_name` parameter. The request must include valid authentication credentials (the PoC uses Basic auth with `YWRtaW46YWRtaW4=`) and a valid Referer header. The long `special_name` value overflows the stack buffer, overwriting the return address and causing a crash or potentially arbitrary code execution. [1]

Affected code

The vulnerable function is `formSetPortTr` in the file `/goform/formSetPortTr` within the boa binary on the TRENDnet TEW-432BRP (firmware version 3.10B20). The `special_name` parameter is copied directly to a stack-based local variable without any length check. [1]

What the fix does

No patch is available. The vendor states the product has been end-of-life since 2009 and they are unable to replicate or fix any vulnerabilities. The researcher recommends that string content should be checked during input extraction to prevent the buffer overflow. [1]
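The researcher's recommendation, sketched in C as an added example (this is not the firmware's code, which the page does not show): the unchecked copy the advisory describes, next to a form-field extractor that rejects an oversized `special_name` before anything is copied. The 32-byte buffer size, the `port_trigger` struct and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define RULE_NAME_SIZE 32   /* assumed; the page does not give the real buffer size */
struct port_trigger { char name[RULE_NAME_SIZE]; };

/* The pattern the advisory describes: unbounded copy into a stack local. */
void set_name_unchecked(const char *special_name)
{
    char name[RULE_NAME_SIZE];
    strcpy(name, special_name);   /* writes past name[] once input reaches 32 bytes */
}

/* Bounded extraction of `key` from a form-urlencoded body (no %-decoding).
 * Returns the value length, -1 if the key is absent, -2 if it does not fit. */
int form_get_field(const char *body, const char *key, char *out, size_t out_size)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen && p[klen] == '=' && strncmp(p, key, klen) == 0) {
            size_t vlen = plen - klen - 1;
            if (vlen >= out_size)
                return -2;        /* reject; never truncate or overflow */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Hardened handler: 0 on success, -1 if special_name is missing, empty or too long. */
int set_port_trigger(const char *body, struct port_trigger *rule)
{
    int n = form_get_field(body, "special_name", rule->name, sizeof rule->name);
    return n > 0 ? 0 : -1;
}

int main(void)
{
    char body[1100] = "special_name=";   /* constructed request body */
    struct port_trigger rule;
    memset(body + 13, 'a', 1000);        /* oversized value; the tail stays NUL */
    printf("oversized: %d\n", set_port_trigger(body, &rule));
    printf("normal:    %d\n", set_port_trigger("special_name=ftp&x=1", &rule));
    return 0;
}
```

Rejecting the request outright, rather than truncating the value, keeps an over-length field from being silently stored in a shortened form.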

Preconditions

  • network: Attacker must have network access to the router's web interface
  • auth: Attacker must provide valid authentication credentials (Basic auth)
  • input: Attacker must send a crafted POST request with an overly long special_name parameter

Reproduction

Send an HTTP POST request to `http://<router-ip>/goform/formSetPortTr` with a very long `special_name` value (e.g., 1000+ 'a' characters) in the body. The PoC request includes headers such as `Authorization: Basic YWRtaW46YWRtaW4=` and `Referer: http://192.168.10.1/fw_specialap.asp`. The router will crash and become unresponsive. [1]

Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4