HIGH · CVE-2026-10122 · CNA: VulDB

CVE-2026-10122: TRENDnet TEW-432BRP formSetProtocolFilter stack-based overflow

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. It affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Manipulating the argument protocol_name leads to a stack-based buffer overflow. The attack can be performed remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow in the formSetProtocolFilter handler of the TRENDnet TEW-432BRP router lets an attacker overflow a fixed-size stack buffer through the protocol_name argument sent to /goform/formSetProtocolFilter. The bug is reachable over the network and requires only a low-privilege account on the device's web interface; successful exploitation corrupts the router's memory and enables arbitrary code execution, configuration tampering, or a denial of service against the device. The product has been end-of-life since 2009 and the vendor has stated it will not issue a fix, so HarborGuard tracks the advisory for any future patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against container images in customer registries and CI pipelines, including custom-built images that embed firmware or router management components.

Status: Available

Triage

Triage is available with the published CVSS v4.0 score of 8.7 (High) layered against each customer's compliance policy weighting, and findings are routed to the appropriate inbox inside each customer org so the right team sees it first.

Status: Available

Patch

Because no upstream fix exists and the vendor has declared the product end-of-life, HarborGuard re-checks the advisory on every ingest cycle and will make a patched rebuild available the moment any upstream fix is published; in the meantime, environments are flagged for compensating controls.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the device's web management interface over the network.

  • Authentication: Required

    A low-privilege account on the router's web interface is sufficient to invoke the vulnerable handler.

  • Victim interaction: Not required

    No user action is needed; the attacker sends the malicious request directly to the endpoint.

  • Attack complexity: Detail

    Attack complexity is low and a public exploit has been disclosed, making the bug reliable to trigger.

Blast Radius

  • Executes attacker-controlled code in the context of the router's web service, typically with elevated privileges on the device.
  • Reads or modifies router configuration, including firewall rules, DNS settings, and stored credentials.
  • Disrupts the device by crashing the management service or rendering the router unresponsive.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of this advisory with automatic re-evaluation on each ingest cycle, since the vendor has confirmed no fix will be released. Affected environments receive compensating-control suggestions such as removing the device's management interface from any reachable network segment, restricting access via network policy and ACLs, rotating any credentials that may be shared with the device, and planning replacement of the EOL hardware. If an upstream or community fix ever ships, a patched rebuild becomes available automatically, and customers with auto-remediation enabled get a rebuild, regression-test run, and a PR opened against affected workloads.
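
One way to verify the network-restriction controls above from an HTTP log taken in front of the device, as an added example (not HarborGuard or TRENDnet code). The log format, the management subnet and the length threshold are assumptions; only the endpoint and parameter name come from the advisory.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/goform/formSetProtocolFilter"  # from the advisory
PARAM = "protocol_name"                     # from the advisory
MGMT_NET = ipaddress.ip_network("192.168.10.0/28")  # assumption: allowed admin hosts
MAX_NAME_LEN = 32  # assumption: policy threshold, not the firmware's real buffer size

# Constructed sample; assumed format: "<src_ip> <METHOD> <path> <urlencoded body>"
SAMPLE_LOG = """\
192.168.10.5 POST /goform/formSetProtocolFilter protocol_name=ftp&enabled=1
192.168.10.77 POST /goform/formSetProtocolFilter protocol_name=http&enabled=1
192.168.10.6 POST /goform/formSetProtocolFilter protocol_name={long}&enabled=1
192.168.10.5 GET /index.asp -
not a log line
""".format(long="A" * 300)

def audit_line(line):
    """Return findings for one log line (empty if clean or not the endpoint)."""
    parts = line.split(None, 3)
    if len(parts) < 3:
        return []
    path, _, query = parts[2].partition("?")
    if path != ENDPOINT:
        return []
    body = parts[3] if len(parts) == 4 else ""
    findings = []
    try:
        if ipaddress.ip_address(parts[0]) not in MGMT_NET:
            findings.append("source outside management subnet")
    except ValueError:
        findings.append("unparseable source address")
    # The parameter may arrive in the query string or the form body; check both.
    for blob in (query, body):
        for value in parse_qs(blob, keep_blank_values=True).get(PARAM, []):
            if len(value) > MAX_NAME_LEN:
                findings.append(f"{PARAM} length {len(value)} exceeds {MAX_NAME_LEN}")
    return findings

def audit(log_text):
    """Map line number -> findings for each line with at least one finding."""
    results = ((n, audit_line(l)) for n, l in enumerate(log_text.splitlines(), 1))
    return {n: hits for n, hits in results if hits}

if __name__ == "__main__":
    for n, hits in audit(SAMPLE_LOG).items():
        print(n, "; ".join(hits))
```

Any finding for a source outside the management subnet means the ACL or segmentation control is not actually in effect for that path.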

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected products: 1
  • Affected packages: TRENDnet / TEW-432BRP 3.10B20
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P