CVE-2026-10159: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-121
CVE-2026-10159: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

The National Vulnerability Database has detailed CVE-2026-10159, a high-severity stack-based buffer overflow affecting TRENDnet TEW-432BRP devices. Specifically, the vulnerability resides in the formSysLog function within the /goform/formSysLog file. Manipulating the current_page argument can trigger the overflow, enabling remote attackers to exploit the flaw. An exploit for this vulnerability is publicly available.

TRENDnet confirmed the product, TEW-432BRP, reached End-of-Life (EOL) in 2009, making it unsupported for 15 years. Consequently, the vendor states they cannot replicate or patch the vulnerability. This means any devices still in operation are permanently exposed, underscoring the critical risks associated with maintaining EOL hardware in production environments. The CVSSv3.1 score of 8.8 (High) confirms the severity, highlighting potential for complete compromise.

For defenders, this is a stark reminder about asset inventory and lifecycle management. While the vendor is absolved, the risk transfers entirely to the asset owner. Attackers continually weaponize vulnerabilities in unsupported hardware because they know these devices often remain unpatched and forgotten, offering a persistent backdoor into networks. This isn’t just about TRENDnet; it’s a systemic problem in IT and OT environments with long-lived, unmonitored devices.

What This Means For You

  • If your organization has any TRENDnet TEW-432BRP devices, or similar EOL network hardware, you must immediately identify and decommission them. These devices are unpatchable and represent a critical, unmitigated attack vector. Assume compromise is trivial for attackers with public exploits. Audit your network for any devices that are past their vendor-supported lifecycle.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-10159 TRENDnet TEW-432BRP formSysLog Stack Overflow Attempt

Sigma YAML — free preview 
title: CVE-2026-10159 TRENDnet TEW-432BRP formSysLog Stack Overflow Attempt
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-10159 by targeting the formSysLog function in the TRENDnet TEW-432BRP router. The exploit involves sending a POST request to '/goform/formSysLog' with a manipulated 'current_page' parameter, triggering a stack-based buffer overflow. This is a critical initial access vector for this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10159/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri: 
          - '/goform/formSysLog'
      cs-method: 
          - 'POST'
      cs-uri-query|contains:
          - 'current_page='
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-10159 Buffer Overflow TRENDnet TEW-432BRP version 3.10B20
CVE-2026-10159 Buffer Overflow Vulnerable function: formSysLog in /goform/formSysLog
CVE-2026-10159 Buffer Overflow Vulnerable argument: current_page
CVE-2026-10159 Buffer Overflow Attack vector: Remote

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 31, 2026 at 05:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers

CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79cwe-116
/SCW Vulnerability Desk /HIGH /7.1 /⚑ 4 IOCs /⚙ 2 Sigma

CVE-2026-48208 — Denial of Service

CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-791
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-48189 — OTRS Customer Backend Module Vulnerability

CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...

vulnerabilityCVEmedium-severitycwe-200
/SCW Vulnerability Desk /MEDIUM /5.7 /⚑ 2 IOCs /⚙ 1 Sigma