TRENDnet TEW-432BRP RCE: EOL Device Stack Buffer Overflow

The National Vulnerability Database has disclosed CVE-2026-10158, a high-severity stack-based buffer overflow affecting the TRENDnet TEW-432BRP router, specifically in the formPortFw function within /goform/formPortFw. Manipulating the server_name argument can lead to remote code execution. This vulnerability carries a CVSS score of 8.8 (High).

Critically, an exploit for this flaw has been publicly released, meaning attackers now have readily available tools to leverage it. TRENDnet has confirmed that the TEW-432BRP reached End-of-Life (EOL) in 2009, making it unsupported and unpatchable. This highlights a persistent problem in network security: legacy hardware.

Attackers consistently target unpatched, EOL devices because they represent low-hanging fruit. For defenders, these devices are blind spots and significant attack vectors. They often remain active in less-critical segments or forgotten corners of the network, providing an easy foothold for lateral movement or data exfiltration. The vendor’s stance is clear: no patch is coming.

What This Means For You

  • If your organization still has any TRENDnet TEW-432BRP routers deployed, they are now a critical risk. The public exploit means these devices are actively vulnerable to remote takeover. Identify and immediately decommission or isolate any EOL network hardware. These devices offer no defensive value and only expand your attack surface.

🛡️ Detection Rules

title: CVE-2026-10158 TRENDnet TEW-432BRP formPortFw Stack Buffer Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects the specific URI path and query parameter used in the exploitation of CVE-2026-10158. The vulnerability lies in the formPortFw function where a stack-based buffer overflow can be triggered by manipulating the 'server_name' argument. This rule specifically looks for POST requests to '/goform/formPortFw' containing 'server_name=' in the query string, indicating an attempt to exploit this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10158/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # Request path of the vulnerable handler
    cs-uri|contains:
      - '/goform/formPortFw'
    # Matches only when the argument is sent in the URL; form fields sent
    # in a POST body are not recorded in cs-uri-query
    cs-uri-query|contains:
      - 'server_name='
    # No modifier: a plain value is matched exactly
    cs-method:
      - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
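
The rule's three conditions applied to access-log lines, as an added example that is not part of the original rule or the vendor's code. It assumes Combined Log Format logs from a proxy or sensor in front of the router, uses constructed sample lines, and also reports POSTs to the endpoint that carry no query string, since the argument may then sit in the unlogged request body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD uri PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/goform/formPortFw"  # endpoint named in the advisory
TARGET_ARG = "server_name"          # argument named in the advisory

def classify(line):
    """Return None, or a dict describing how the request relates to the rule."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["uri"])
    if TARGET_PATH not in parts.path:
        return None
    in_query = (TARGET_ARG + "=") in parts.query   # same test as the Sigma rule
    if m["method"] == "POST" and in_query:
        tier = "rule-match"        # all three Sigma conditions hold
    elif m["method"] == "POST":
        tier = "post-no-query"     # argument may be in the unlogged body
    else:
        tier = "path-only"         # endpoint touched with another method
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_ARG, [])
    arg_len = max((len(v) for v in values), default=0)  # triage hint only
    return {"ip": m["ip"], "tier": tier,
            "status": int(m["status"]), "arg_len": arg_len}

def scan(lines):
    """Classify every line and keep only requests that touch the endpoint."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation address ranges, harmless values).
SAMPLE = [
    '192.0.2.10 - - [31/May/2026:05:20:01 +0000] "GET /index.asp HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/May/2026:05:21:44 +0000] "POST /goform/formPortFw?server_name=web HTTP/1.1" 200 0',
    '198.51.100.7 - - [31/May/2026:05:21:50 +0000] "POST /goform/formPortFw HTTP/1.1" 200 0',
    '192.0.2.10 - - [31/May/2026:05:22:03 +0000] "GET /goform/formPortFw HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The "post-no-query" tier is the case the Sigma rule alone does not flag; on an EOL device with no expected administration, any hit in either tier is worth reviewing.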


Indicators of Compromise

ID | Type | Indicator
CVE-2026-10158 | Buffer Overflow | TRENDnet TEW-432BRP version 3.10B20
CVE-2026-10158 | Buffer Overflow | Vulnerable function: formPortFw in /goform/formPortFw
CVE-2026-10158 | Buffer Overflow | Vulnerable argument: server_name

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 05:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
