TRENDnet TEW-432BRP Stack Buffer Overflow: EOL Device Poses Remote Risk

A critical stack-based buffer overflow, identified as CVE-2026-10183, exists in the formWlanSetup function of TRENDnet TEW-432BRP firmware version 3.10B20. The National Vulnerability Database (NVD) reports that manipulating the enrollee argument can trigger this vulnerability, which is remotely exploitable. A public exploit is already available, significantly increasing the immediate risk.

TRENDnet has confirmed that the TEW-432BRP has been End-of-Life (EOL) since 2009. The vendor states they cannot replicate or fix vulnerabilities for a product that has been unsupported for 15 years. This means no official patch will ever be released. The NVD assigns this vulnerability a CVSSv3.1 score of 8.8 (High), indicating severe impact with potential for complete compromise of confidentiality, integrity, and availability.

This situation underscores a recurring problem for defenders: EOL devices are often left in place, where they become persistent backdoors. Attackers specifically target these devices because they know they won’t be patched. Any organization still running a TRENDnet TEW-432BRP is operating with a known, critical vulnerability that can be exploited remotely by anyone with the public exploit.

What This Means For You

  • If your organization still has a TRENDnet TEW-432BRP router deployed, it is critically exposed to remote compromise via CVE-2026-10183. Identify and immediately remove or replace these EOL devices from your network. They are unpatchable and represent a clear, present danger.

🛡️ Detection Rules

Severity: critical · ATT&CK: T1190 (Initial Access)

CVE-2026-10183 TRENDnet TEW-432BRP formWlanSetup Buffer Overflow

title: CVE-2026-10183 TRENDnet TEW-432BRP formWlanSetup Buffer Overflow
id: scw-2026-05-31-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-10183 by targeting the formWlanSetup endpoint with a POST request and manipulating the 'enrollee' parameter, which is known to cause a stack buffer overflow in the TRENDnet TEW-432BRP device. This rule specifically looks for the vulnerable URI path and the presence of the 'enrollee' parameter in the query string, indicating a potential exploit attempt against this EOL device.
author: SCW Feed Engine (AI-generated)
date: 2026-05-31
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-10183/
tags:
  - attack.initial_access
  - attack.t1190
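logsource:
  category: webserver
detection:
  # Matches only when 'enrollee' appears in the logged query string; form
  # fields sent in a POST body are not recorded in standard access logs.
  selection:
    cs-uri|contains:
      - '/goform/formWlanSetup'
    cs-uri-query|contains:
      - 'enrollee='
    # No modifier: a plain value is matched in full (case-insensitively).
    cs-method: 'POST'
  condition: selection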
falsepositives:
  - Legitimate administrative activity
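
The rule's selection logic applied to access-log lines, as an added example that is not part of the original page or its rule set. It assumes Common Log Format input, uses constructed sample lines, maps the full request target to cs-uri, and adds a hypothetical 'review' verdict (not in the rule) for POSTs to the endpoint whose parameters are not visible in the log.

```python
import re

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [31/May/2026:17:20:01 +0000] "POST /goform/formWlanSetup?enrollee=1 HTTP/1.1" 200 512
192.0.2.11 - - [31/May/2026:17:20:05 +0000] "POST /goform/formWlanSetup HTTP/1.1" 200 512
192.0.2.12 - - [31/May/2026:17:20:09 +0000] "GET /goform/formWlanSetup?enrollee=1 HTTP/1.1" 200 512
192.0.2.13 - - [31/May/2026:17:20:12 +0000] "POST /goform/formLogin?user=a HTTP/1.1" 200 128
192.0.2.14 - - [31/May/2026:17:20:15 +0000] "POST /GOFORM/formwlansetup?x=1&Enrollee=2 HTTP/1.1" 200 512
this line is malformed and must be skipped
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+$')

def parse_line(line):
    """Map one CLF line to the field names the Sigma rule uses, or None."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, method, target = m.groups()
    _path, _, query = target.partition("?")
    return {"c-ip": ip, "cs-method": method, "cs-uri": target, "cs-uri-query": query}

def classify(ev):
    """'alert' = every selection field matches; 'review' = POST to the
    endpoint with no enrollee in the logged query (form fields sent in the
    request body never reach an access log); None = no match."""
    # Sigma string matching is case-insensitive by default.
    on_endpoint = "/goform/formwlansetup" in ev["cs-uri"].lower()
    is_post = ev["cs-method"].upper() == "POST"
    has_param = "enrollee=" in ev["cs-uri-query"].lower()
    if on_endpoint and is_post and has_param:
        return "alert"
    if on_endpoint and is_post:
        return "review"
    return None

def scan(log_text):
    """Return (client_ip, verdict) for every line that alerts or needs review."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        verdict = classify(ev) if ev else None
        if verdict:
            hits.append((ev["c-ip"], verdict))
    return hits

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:6} {ip}")
```
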

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-10183 | Buffer Overflow | TRENDnet TEW-432BRP version 3.10B20
CVE-2026-10183 | Buffer Overflow | Vulnerable function: formWlanSetup in /goform/formWlanSetup
CVE-2026-10183 | Buffer Overflow | Vulnerable argument: enrollee
CVE-2026-10183 | Buffer Overflow | CWE-121: Stack-based Buffer Overflow

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 31, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
