← Back
2026-05-30 15:0CVE-2026-10121VulDB
PUBLISHED5.2ApplicationCWE-121CWE-119unsupported-when-assigned

TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Problem type

Affected products

TRENDnet

TEW-432BRP

3.10B20 - AFFECTED

References

VDB-367298 | TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow

https://vuldb.com/vuln/367298

vdb-entrytechnical-description
VDB-367298 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367298/cti

signaturepermissions-required
Submit #814763 | TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow

https://vuldb.com/submit/814763

third-party-advisory
github.com

https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_8/8.md

exploit

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-10121
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-10121",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-30T15:00:13.791Z",
    "dateReserved": "2026-05-29T17:19:24.327Z",
    "datePublished": "2026-05-30T15:00:13.791Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-30T15:00:13.791Z"
      },
      "title": "TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "affected": [
        {
          "vendor": "TRENDnet",
          "product": "TEW-432BRP",
          "cpes": [
            "cpe:2.3:a:trendnet:tew-432brp:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "3.10B20",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Stack-based Buffer Overflow",
              "cweId": "CWE-121",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/367298",
          "name": "VDB-367298 | TRENDnet TEW-432BRP formSetUrlFilter stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/367298/cti",
          "name": "VDB-367298 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/814763",
          "name": "Submit #814763 | TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_8/8.md",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-29T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-29T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-29T19:24:38.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "pjqwudi_Buoy (VulDB User)",
          "type": "reporter"
        },
        {
          "lang": "en",
          "value": "VulDB CNA Team",
          "type": "coordinator"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  }
}