VYPR
High severity (8.8) · NVD Advisory · Published May 31, 2026

CVE-2026-10161

Description

Stack-based buffer overflow in TRENDnet TEW-432BRP 3.10B20 allows remote attackers to crash or execute arbitrary code via crafted status_statistic parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

A stack-based buffer overflow exists in the formResetStatistic function, the handler behind the /goform/formResetStatistic endpoint of TRENDnet TEW-432BRP firmware version 3.10B20. The handler copies the status_statistic argument (the public PoC names the parameter webpage) into a fixed-size stack buffer without checking its length, so an overly long value overflows the buffer. This product has been end-of-life since 2009 and is no longer supported by the vendor [1].

Exploitation

An attacker with network access to the device's web interface sends a crafted POST request to /goform/formResetStatistic whose status_statistic parameter is far longer than the stack buffer that receives it. The public PoC authenticates with HTTP Basic credentials, using the factory default admin/admin [1]; whether the handler is reachable without valid credentials is not established by the references. The unbounded copy overflows the stack buffer and overwrites the saved return address of the function. The PoC demonstrates only the crash, by sending a long run of 'a' characters [1].

Impact

Successful exploitation causes a denial of service (the device crashes and the web interface stops responding) and, with a controlled return address, could allow arbitrary code execution in the context of the web server process. On embedded routers of this class the web server typically runs as root, so a working payload would give full control of the device: executing arbitrary commands, altering configuration, or using the router as a pivot point into the network.

Mitigation

The vendor has confirmed that the TEW-432BRP has been end-of-life since 2009 and will not release any patches. There is no vendor workaround. Users should replace the device with a supported model. Until then, exposure can be reduced by changing the default admin/admin credentials (the PoC relies on them), restricting access to the management interface to trusted hosts, and keeping the device off untrusted networks.

AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing input length validation in the `formResetStatistic` function allows a stack-based buffer overflow via the `webpage` parameter."

Attack vector

An attacker on the router's LAN sends a crafted POST request to `/goform/formResetStatistic` with an overly long `webpage` argument. In the PoC the request carries HTTP Basic Authorization credentials (default `admin:admin`) and is directed at the router's web interface. Because the input length is not validated, the long string overflows a stack buffer and overwrites the saved return address, which is what makes arbitrary code execution possible [ref_id=1].

Affected code

The vulnerability resides in the `formResetStatistic` function of the boa web server binary, which handles requests for the `/goform/formResetStatistic` path on the TRENDnet TEW-432BRP (firmware version 3.10B20). The function copies the attacker-supplied `webpage` parameter directly into a local stack variable without any length check [ref_id=1].

What the fix does

No patch is available. The vendor states the product has been end-of-life since 2009 and will not be fixed [ref_id=1]. The researcher recommends that string content be checked during input extraction to prevent the buffer overflow [ref_id=1]. Users should replace the device with a supported model.

Preconditions

  • network: Attacker must have network access to the router's web interface (typically on the LAN at 192.168.10.1).
  • network: The router's web server must be running and accessible.
  • auth: Basic authentication credentials are required (default admin:admin shown in the PoC).

Reproduction

Send a POST request to `http://<router-ip>/goform/formResetStatistic` with the body `clear=Reset&webpage=` followed by a long string of `a` characters (820 bytes in the PoC), authenticating with the router's Basic credentials. The router crashes and becomes unresponsive [ref_id=1].
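The following C program is an added illustration for the Exploitation and Reproduction passages above; it is not code from the boa binary or from the cited PoC. It reconstructs the class of bug the advisory describes: a goform handler pulls the `webpage` value out of the URL-encoded POST body and copies it into a fixed stack buffer. The buffer size (64 bytes), the `find_param` helper and the two handler names are assumptions for illustration, since the firmware source is not available; the 820-byte body is constructed to match the shape of the PoC. The vulnerable variant is shown only to contrast it with the checked one and is never called with the long body.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the local stack buffer the handler copies into; the real
 * size inside the boa binary is not given in the advisory. */
#define WEBPAGE_BUF 64

/* Locate "name=" at a parameter boundary in a URL-encoded POST body such as
 * "clear=Reset&webpage=...". Returns a pointer to the raw value (not
 * NUL-terminated) and stores its length, or NULL if the parameter is absent.
 * Percent-decoding is deliberately omitted; it does not matter for the bug. */
const char *find_param(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Vulnerable pattern (hypothetical reconstruction): the value is copied into
 * a fixed stack buffer with no length check. A value of WEBPAGE_BUF bytes or
 * more runs past the buffer into the saved registers and return address.
 * Only ever call this with a short value; it exists to show the flaw. */
int reset_statistic_vulnerable(const char *body)
{
    char webpage[WEBPAGE_BUF];
    size_t len;
    const char *v = find_param(body, "webpage", &len);
    if (!v) return -1;
    memcpy(webpage, v, len);   /* no bound: stack overflow when len >= 64 */
    webpage[len] = '\0';
    return (int)strlen(webpage);
}

/* Hardened handler: check the length during extraction, as the researcher
 * recommends, and refuse over-long values instead of truncating silently. */
int reset_statistic_hardened(const char *body)
{
    char webpage[WEBPAGE_BUF];
    size_t len;
    const char *v = find_param(body, "webpage", &len);
    if (!v) return -1;
    if (len >= sizeof webpage) return -2;   /* would not fit: reject */
    memcpy(webpage, v, len);
    webpage[len] = '\0';
    return (int)strlen(webpage);
}

/* Build a body shaped like the PoC: "clear=Reset&webpage=" plus n 'a' bytes.
 * Constructed for this example; caller frees the result. */
char *build_poc_body(size_t n)
{
    const char *prefix = "clear=Reset&webpage=";
    size_t plen = strlen(prefix);
    char *body = malloc(plen + n + 1);
    if (!body) return NULL;
    memcpy(body, prefix, plen);
    memset(body + plen, 'a', n);
    body[plen + n] = '\0';
    return body;
}

int main(void)
{
    char *poc = build_poc_body(820);
    size_t len = 0;
    find_param(poc, "webpage", &len);
    printf("benign body: hardened=%d vulnerable=%d\n",
           reset_statistic_hardened("clear=Reset&webpage=stats"),
           reset_statistic_vulnerable("clear=Reset&webpage=stats"));
    printf("PoC body: webpage length=%zu, hardened handler returns %d\n",
           len, reset_statistic_hardened(poc));
    free(poc);
    return 0;
}
```

The hardened variant returns an error rather than truncating: on a management endpoint a silently shortened value can still change device state, whereas a rejected request is visible in logs and cannot reach the copy at all.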

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 4

News mentions: 0 (no linked articles in our index yet)