HIGH | CVE-2026-10062 | CNA: VulDB

CVE-2026-10062: TRENDnet TEW-432BRP formSetRoute stack-based overflow

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. Manipulation of the argument ip/mask/gateway causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow in the formSetRoute handler (/goform/formSetRoute) of the TRENDnet TEW-432BRP router lets an authenticated remote attacker corrupt stack memory by supplying oversized ip, mask, or gateway arguments. The flaw is reachable over the network with any low-privilege account, requires no victim interaction, and successful exploitation gives full read, write, and crash impact on the device, typically leading to code execution on the router. The vendor states that the product has been end-of-life since 2009 and will not issue a fix; HarborGuard tracks the advisory for any future patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against router and firmware images in customer registries and build pipelines, including custom-built images that embed the affected TRENDnet firmware components.

Status: Available

Triage

Triage is available with the CVSS v4.0 score of 8.7 (High) applied automatically, then weighted against each customer's compliance policy so internet-exposed network appliances escalate faster than isolated lab devices, and the finding is routed to the appropriate inbox inside each customer org.

Status: Available

Patch

Because the vendor has declared the device end-of-life and no fix is planned, HarborGuard re-checks the advisory on every ingest cycle and will make a patched rebuild available immediately if an upstream or community fix is ever published; in the meantime, compensating-control guidance is surfaced alongside the finding.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the router's HTTP management interface over the network (AV:N).

  • Authentication: Required

    A low-privilege account on the device is sufficient to invoke formSetRoute (PR:L).

  • Victim interaction: Not required

    No user action is needed; the attacker drives the exploit directly against the endpoint (UI:N).

  • Attack complexity: Detail

    Attack complexity is low and a public exploit exists, so the overflow is reliably triggerable without environmental tuning (AC:L).

Blast Radius

  • Overwrites the stack of the router's web service, giving control of execution flow and typically full code execution on the device.
  • Reads any configuration, credentials, and traffic-handling state held in router memory (VC:H).
  • Modifies routing tables, firewall rules, DNS settings, and other persisted device configuration (VI:H).
  • Crashes or bricks the router, disrupting all network traffic that depends on it (VA:H).

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of this advisory with automatic re-evaluation on every ingest cycle, so the moment any upstream or community patch appears it becomes available as a rebuilt image for affected environments.

Because the TEW-432BRP has been EOL since 2009 and the vendor will not ship a fix, the finding is surfaced with compensating-control guidance, including:

  • restricting management-interface reachability to trusted VLANs
  • applying network-policy isolation in front of the device
  • blocking inbound access to /goform/formSetRoute at an upstream firewall
  • rotating any low-privilege device credentials
  • planning hardware replacement

For customers who opt into auto-remediation, a rebuild and PR against affected workloads will be generated automatically if a patched firmware ever lands upstream.
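
The upstream-filtering control described above can be expressed as a request screen placed in front of the router. The following is an added example, not HarborGuard or TRENDnet code: it denies /goform/formSetRoute from outside a management network and, for trusted sources, rejects ip, mask, or gateway values that are not well-formed IPv4 dotted quads. The 192.0.2.0/24 management subnet, the URL-encoded field transport, and the function names are assumptions.

```python
from __future__ import annotations
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

GUARDED_PATH = "/goform/formsetroute"      # advisory endpoint, lower-cased for matching
GUARDED_FIELDS = ("ip", "mask", "gateway")  # arguments named in the advisory
TRUSTED_MGMT_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: management VLAN
MAX_DOTTED_QUAD = 15                        # len("255.255.255.255")


def is_dotted_quad(value: str) -> bool:
    """True only for a well-formed IPv4 dotted quad of legal length."""
    if len(value) > MAX_DOTTED_QUAD:
        return False
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def screen_request(src_ip: str, target: str, body: str = "") -> tuple[bool, str]:
    """Return (allow, reason) for one HTTP request headed to the router."""
    url = urlsplit(target)
    # Decode and normalise so /goform/formSetRoute/ or %-encoded spellings still match.
    path = unquote(url.path).rstrip("/").lower()
    if path != GUARDED_PATH:
        return True, "not the guarded endpoint"
    if ipaddress.ip_address(src_ip) not in TRUSTED_MGMT_NET:
        return False, "formSetRoute request from outside the management network"
    # Assumption: fields arrive URL-encoded in the query string and/or form body.
    fields = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    for name in GUARDED_FIELDS:
        for value in fields.get(name, []):
            if not is_dotted_quad(value):
                return False, f"{name} is not an IPv4 dotted quad ({len(value)} chars)"
    return True, "route fields well-formed"


if __name__ == "__main__":
    # Constructed sample requests: (source address, request target, form body).
    samples = [
        ("192.0.2.10", "/goform/formSetRoute", "ip=10.1.0.0&mask=255.255.0.0&gateway=10.0.0.1"),
        ("192.0.2.10", "/goform/formSetRoute", "ip=10.1.0.0&mask=" + "2" * 200),
        ("198.51.100.7", "/goform/formSetRoute", "ip=10.1.0.0"),
    ]
    for src, target, body in samples:
        print(src, target, screen_request(src, target, body))
```

Blank field values are rejected as well, which is the conservative choice for a device that cannot be patched.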


Metrics

CVSS v4.0: 8.7
Severity: HIGH
Fixed in:
Affected Products: 1
Affected packages:
  • TRENDnet / TEW-432BRP 3.10B20
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P