CVE-2026-10161: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

/HIGH /CVSS 8.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitybuffer-overflowcwe-119cwe-121
CVE-2026-10161: TRENDnet TEW-432BRP Stack-Based Buffer Overflow

The National Vulnerability Database (NVD) has released details on CVE-2026-10161, a high-severity stack-based buffer overflow affecting the TRENDnet TEW-432BRP wireless router, specifically within the formResetStatistic function of /goform/formResetStatistic. A remote attacker can exploit this by manipulating the status_statistic argument. The exploit code is now public, making this a critical threat for unpatched devices.

The concerning reality here is that TRENDnet has declared the TEW-432BRP product End-of-Life (EOL) since 2009, making it unsupported for over 15 years. According to TRENDnet, they are “not able to replicate or fix any vulnerabilities” for this device due to its EOL status. This means there will be no official patch.

With a CVSSv3.1 score of 8.8 (High), this vulnerability poses a significant risk. Any organization or individual still using this specific TRENDnet router is exposed to remote compromise. The attacker’s calculus is simple: target easily identifiable, unpatched, EOL hardware that will never receive a fix.

What This Means For You

  • If your network still contains any TRENDnet TEW-432BRP routers, they are a ticking time bomb. This device is EOL, unpatched, and has a public exploit for a high-severity remote vulnerability. You need to identify and remove or replace these devices immediately. They are a critical entry point for attackers into your network, offering full compromise (C:H/I:H/A:H).

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1200 Hardware Additions Persistence

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-10161 TRENDnet TEW-432BRP formResetStatistic Stack Overflow

Sigma YAML — free preview 
title: CVE-2026-10161 TRENDnet TEW-432BRP formResetStatistic Stack Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to exploit CVE-2026-10161 by targeting the formResetStatistic function in the TRENDnet TEW-432BRP router. The exploit involves sending a POST request to '/goform/formResetStatistic' with a manipulated 'status_statistic' parameter, triggering a stack-based buffer overflow. This is a critical detection for initial access via this specific vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10161/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/goform/formResetStatistic'
      cs-uri-query|contains:
          - 'status_statistic='
      cs-method:
          - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-10161 Buffer Overflow TRENDnet TEW-432BRP version 3.10B20
CVE-2026-10161 Buffer Overflow Vulnerable function: formResetStatistic in /goform/formResetStatistic
CVE-2026-10161 Buffer Overflow Vulnerable argument: status_statistic
CVE-2026-10161 Buffer Overflow Attack type: Stack-based buffer overflow

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 31, 2026 at 06:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers

CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...

vulnerabilityCVEhigh-severitycross-site-scripting-xsscwe-79cwe-116
/SCW Vulnerability Desk /HIGH /7.1 /⚑ 4 IOCs /⚙ 2 Sigma

CVE-2026-48208 — Denial of Service

CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-791
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-48189 — OTRS Customer Backend Module Vulnerability

CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...

vulnerabilityCVEmedium-severitycwe-200
/SCW Vulnerability Desk /MEDIUM /5.7 /⚑ 2 IOCs /⚙ 1 Sigma