CVE-2026-10162: TRENDnet Router Flaw Exposes EOL Devices
The National Vulnerability Database has disclosed CVE-2026-10162, a high-severity stack-based buffer overflow vulnerability (CVSS 8.8) affecting TRENDnet TEW-432BRP routers, specifically in the formSetPassword function. This flaw allows remote attackers to trigger the overflow by manipulating the webpage argument, with an exploit already published and available.
Critically, TRENDnet has confirmed the TEW-432BRP reached End-of-Life (EOL) in 2009, making it unsupported for 15 years. The vendor states they cannot replicate or fix the vulnerability. This means any active TEW-432BRP devices are permanently exposed to this remote attack vector, emphasizing the dangers of running unsupported network hardware.
Attackers consistently target EOL devices because they know these systems will never be patched. For defenders, this isn’t a theoretical risk; it’s a direct path to network compromise. The attacker’s calculus is simple: unpatched EOL gear is low-hanging fruit with a high probability of success.
What This Means For You
- If your organization still uses any EOL networking hardware, particularly TRENDnet TEW-432BRP routers, you are running a high-risk liability. Immediately identify and replace these devices. There will be no patch for CVE-2026-10162. Continued use is an open invitation for remote compromise.
Related ATT&CK Techniques
🛡️ Detection Rules
1 rule · 6 SIEM formats1 detection rule auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-10162 TRENDnet Router formSetPassword Buffer Overflow Attempt
title: CVE-2026-10162 TRENDnet Router formSetPassword Buffer Overflow Attempt
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-10162 by targeting the formSetPassword function in TRENDnet routers. The exploit involves manipulating the 'webpage' argument via a POST request to the '/goform/formSetPassword' endpoint, which can trigger a stack-based buffer overflow. This rule specifically looks for the vulnerable URI path and the presence of the 'webpage=' parameter in the query string.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-10162/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/goform/formSetPassword'
cs-method|exact:
- 'POST'
cs-uri-query|contains:
- 'webpage='
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-10162 | Buffer Overflow | TRENDnet TEW-432BRP version 3.10B20 |
| CVE-2026-10162 | Buffer Overflow | Vulnerable function: formSetPassword in /goform/formSetPassword |
| CVE-2026-10162 | Buffer Overflow | Vulnerable argument: webpage in formSetPassword |
| CVE-2026-10162 | Buffer Overflow | Attack vector: Remote |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 31, 2026 at 06:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-48209: OTRS XSS Exposes Agent Sessions to Attackers
CVE-2026-48209 — An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS)...
CVE-2026-48208 — Denial of Service
CVE-2026-48208 — An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG...
CVE-2026-48189 — OTRS Customer Backend Module Vulnerability
CVE-2026-48189 — An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note...