CVE-2026-10160: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-121
CVE-2026-10160: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

The National Vulnerability Database has detailed CVE-2026-10160, a high-severity stack-based buffer overflow affecting the TRENDnet TEW-432BRP router. Specifically, the vulnerability resides in the formSetEnableWizard function within the /goform/formSetEnableWizard file. Manipulation of the start_wizard argument can trigger the overflow, leading to remote code execution.

This vulnerability, with a CVSS score of 8.8, is concerning due to its remote exploitability and public disclosure. However, TRENDnet has confirmed that the TEW-432BRP has been End-of-Life (EOL) since 2009. The vendor states they cannot replicate or fix vulnerabilities for a product EOL for 15 years. This means no official patches will ever be released.

While the direct impact is limited to unsupported devices, the existence of a publicly disclosed exploit for an EOL product highlights persistent risks. Organizations and individuals still running these devices are exposed to significant compromise. Attackers often target EOL hardware due to the absence of security updates and the likelihood of misconfiguration or neglect.

What This Means For You

  • If your network still contains any TRENDnet TEW-432BRP routers, they are an unpatchable, high-risk entry point. You must immediately identify and decommission these devices. Replace them with currently supported hardware that receives regular security updates. Do not assume EOL status means irrelevance; for attackers, it often signals an easy target.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-10160: TRENDnet TEW-432BRP formSetEnableWizard Buffer Overflow Attempt

Sigma YAML — free preview 
title: CVE-2026-10160: TRENDnet TEW-432BRP formSetEnableWizard Buffer Overflow Attempt
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-10160 by targeting the formSetEnableWizard function in TRENDnet TEW-432BRP devices. The vulnerability is triggered by manipulating the 'start_wizard' parameter, leading to a stack-based buffer overflow. This rule specifically looks for POST requests to the vulnerable URI with the 'start_wizard' parameter, indicating a potential exploit attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10160/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/goform/formSetEnableWizard'
      cs-method|exact:
          - 'POST'
      cs-uri-query|contains:
          - 'start_wizard='
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-10160 Buffer Overflow TRENDnet TEW-432BRP version 3.10B20
CVE-2026-10160 Buffer Overflow Vulnerable function: formSetEnableWizard in /goform/formSetEnableWizard
CVE-2026-10160 Buffer Overflow Vulnerable argument: start_wizard
CVE-2026-10160 RCE Remote attack vector

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 31, 2026 at 06:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers

CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79cwe-116
/SCW Vulnerability Desk /HIGH /7.1 /⚑ 4 IOCs /⚙ 2 Sigma

CVE-2026-48208 — Denial of Service

CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-791
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-48189 — OTRS Customer Backend Module Vulnerability

CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...

vulnerabilityCVEmedium-severitycwe-200
/SCW Vulnerability Desk /MEDIUM /5.7 /⚑ 2 IOCs /⚙ 1 Sigma