HIGH | CVE-2026-10179 | CNA: VulDB

CVE-2026-10179: TRENDnet TEW-432BRP formSetWlanEncrypt stack-based overflow

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. It affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. Manipulating the argument webpage causes a stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the TRENDnet TEW-432BRP router (firmware 3.10B20) within the formSetWlanEncrypt function, reachable via the /goform/formSetWlanEncrypt endpoint over the network. The flaw is triggered by passing an oversized value in the webpage argument, and requires a low-privilege authenticated session to exploit. Successful exploitation gives an attacker full control over the device, including the ability to read, modify, or crash it. No patch exists and none is expected; TRENDnet has confirmed the product reached end-of-life in 2009 and will not issue a fix. HarborGuard tracks the advisory and will make a patched rebuild available if upstream ever publishes one.

HarborGuard Coverage

Detection

Detection of CVE-2026-10179 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including internally built images that bundle affected firmware or base layers derived from TEW-432BRP 3.10B20 components.

Status: Available

Triage

Triage is available with the full CVSS v4.0 score of 8.7 (HIGH), weighted against each customer organization's compliance policy to determine priority; findings are routed to the appropriate team inbox within the customer org based on configured ownership rules.

Status: Available

Patch

Because no fix version has been published and no patch is expected from the vendor, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. In the meantime, customers can use HarborGuard's compensating-control recommendations to isolate affected workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, meaning an attacker must be able to reach the device's HTTP interface remotely.

  • Authentication: Required

    A low-privilege authenticated session is sufficient; any valid account on the device satisfies this requirement.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker submits a crafted request directly without requiring any user action.

  • Attack complexity: Detail

    Attack complexity is low, meaning the exploit is reliable and requires no special conditions, race windows, or environmental dependencies.

Blast Radius

  • An attacker can overwrite the stack and redirect execution, achieving remote code execution on the device.
  • All credentials, Wi-Fi passphrases, and network configuration stored on the router are readable by the attacker.
  • The attacker can modify router settings, including wireless encryption configuration and routing rules.
  • The overflow can crash the affected firmware process, taking the router offline and disrupting network connectivity for all connected clients.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-10179 is active across all connected environments, flagging any image or workload that includes components tied to TRENDnet TEW-432BRP 3.10B20. Because the vendor will not fix this vulnerability (the product has been EOL since 2009), no patched rebuild will be generated unless an upstream fix is eventually published, at which point HarborGuard will make the rebuild available automatically. For customers running environments where this firmware appears in container images or embedded device management tooling, HarborGuard surfaces compensating-control recommendations: network-policy isolation to restrict access to the affected HTTP endpoint, egress filtering to limit lateral movement if the device is compromised, and feature-flag gating to disable exposure of the /goform/formSetWlanEncrypt endpoint where the application layer permits. The advisory is re-evaluated on every ingest cycle, so the response is immediate if the vendor's posture changes.

Metrics

CVSS v4.0: 8.7
Severity: HIGH
Fixed in:
Affected Products: 1
Affected packages:
  • TRENDnet / TEW-432BRP 3.10B20
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P