VYPR
High severity (8.8) · NVD Advisory · Published May 31, 2026

CVE-2026-10158

Description

Stack-based buffer overflow in TRENDnet TEW-432BRP router's formPortFw function allows remote unauthenticated attackers to crash the device or execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router running firmware version 3.10B20. The flaw resides in the formPortFw function within the /goform/formPortFw endpoint. The server_name parameter is copied directly into a stack buffer without any length validation, allowing an attacker to overwrite the return address and adjacent memory. [1]

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the router's web interface. The request must include an overly long server_name value. Because the public proof-of-concept authenticates with the default credentials (admin/admin), no other access is needed on devices where those credentials are still in use. The attack can be launched remotely if the router's management interface is exposed to the network. [1]

Impact

Successful exploitation can cause a denial of service (router crash) or, with careful payload construction, arbitrary code execution at the system level. This gives the attacker full control over the affected device. [1]

Mitigation

No patch or fix is available. The vendor states that the product has been end-of-life (EOL) since 2009 and that it cannot replicate or fix the vulnerability. Users are strongly advised to replace the TEW-432BRP with a supported device. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing input length validation on the `server_name` argument in the `formPortFw` function leads to a stack-based buffer overflow."

Attack vector

An unauthenticated attacker sends a crafted HTTP POST request to `/goform/formPortFw` with an overly long `server_name` parameter. The request is sent over the network to the router's web interface (default IP 192.168.10.1). No separate login step is needed because the PoC supplies a hardcoded Basic Authorization header (`YWRtaW46YWRtaW4=`, i.e. admin:admin), which only works where the default credentials are still in place [ref_id=1].

Affected code

The vulnerability resides in the `formPortFw` function inside the `boa` binary at `/goform/formPortFw`. The `server_name` argument is copied directly into a stack buffer without length checking, causing a stack-based buffer overflow [ref_id=1].

What the fix does

No patch is available. The vendor states the product has been end-of-life since 2009 and will not be fixed. The advisory recommends validating the length of the input string before it is copied into the stack buffer, but no code change has been published [ref_id=1].
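The length check the advisory calls for, shown as an added example in C that is not the boa binary's or TRENDnet's code (the buffer size, the form-body parsing and the function names are assumptions): a hypothetical `/goform/formPortFw` handler that validates the `server_name` length before anything is copied into the fixed stack buffer, and rejects the request instead of overflowing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed stack-buffer size; the real size in the firmware is not on the page. */
#define SERVER_NAME_MAX 32

/* Extracts the value of `key` from a urlencoded POST body into out[outlen].
 * The length check happens BEFORE the copy, which is the check the advisory
 * says formPortFw lacks. Returns the value length on success, -1 if the key
 * is absent, -2 if the value does not fit (including its terminating NUL). */
int get_form_value(const char *body, const char *key, char *out, size_t outlen) {
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t vlen = strcspn(v, "&");      /* value ends at '&' or end of body */
            if (vlen >= outlen)
                return -2;                      /* reject: would overflow `out` */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = strchr(p, '&');                     /* advance to the next key=value pair */
        if (p)
            p++;
    }
    return -1;
}

/* Hardened handler: the stack buffer is only ever written by the bounded copy.
 * Returns an HTTP-style status: 200 when accepted, 400 when missing or oversize. */
int handle_port_fw(const char *body) {
    char server_name[SERVER_NAME_MAX];
    int n = get_form_value(body, "server_name", server_name, sizeof server_name);
    if (n < 0)
        return 400;
    /* ... use server_name to build the port-forward rule ... */
    return 200;
}

/* Test helper: builds a constructed body "server_name=aaa...a" with `len` a's,
 * mirroring the long-string request described under Reproduction. */
int port_fw_status_for_name_len(size_t len) {
    static char body[2048];
    if (len > sizeof body - 16)
        return -1;
    memcpy(body, "server_name=", 12);
    memset(body + 12, 'a', len);
    body[12 + len] = '\0';
    return handle_port_fw(body);
}
```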

Preconditions

  • Network: the attacker must have network access to the router's web interface (typically on port 80/443 at 192.168.10.1).
  • Configuration: the router must be running firmware version 3.10B20 of the TEW-432BRP.
  • Authentication: the PoC uses hardcoded Basic auth credentials (admin:admin), implying the attacker needs valid credentials or the device must have default credentials enabled.

Reproduction

Send an HTTP POST request to `http://<router-ip>/goform/formPortFw` with a `server_name` parameter containing a long string of 'a' characters (e.g., 900+ bytes). The router will crash and become unresponsive. A full example request is provided in the researcher's write-up [ref_id=1].

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4
