HIGH · CVE-2026-10183 · CNA: VulDB

CVE-2026-10183: TRENDnet TEW-432BRP formWlanSetup stack-based overflow

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument enrollee leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router (firmware 3.10B20), specifically in the formWlanSetup handler exposed via the /goform/formWlanSetup endpoint. The vulnerability is reachable over the network by any authenticated user with a low-privilege account, and no victim interaction is needed. Successful exploitation gives an attacker full read and write access to the device and can crash it; no patch will be issued because TRENDnet declared the hardware end-of-life in 2009. HarborGuard tracks this advisory and will make a patched rebuild available if upstream ever publishes a fix.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including VulDB, within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images that embed this firmware or derivative packages.

Triage: Available

HarborGuard scores this finding at CVSS 8.7 (HIGH) using the v4.0 vector and applies each customer organization's compliance policy weighting to determine urgency before routing the finding to the appropriate team inbox.

Patch: Pending upstream

Because TRENDnet has confirmed no fix will be released for this end-of-life product, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment any upstream fix is published. In the meantime, compensating-control recommendations, including network-policy isolation and egress filtering for affected workloads, are surfaced in the finding detail for each matched image.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network; an attacker must be able to send HTTP requests to the device's web interface.

  • Authentication: Required

    A low-privilege authenticated account on the device is sufficient to reach the formWlanSetup handler and trigger the overflow.

  • Victim interaction: Not required

    No action from another user or administrator is needed; the attacker sends a crafted request directly.

  • Attack complexity: Detail

    Exploit conditions are straightforward and reliable with no race conditions or special environmental factors required; a public exploit is already available.

Blast Radius

  • Reads device configuration including stored wireless credentials and any session tokens managed by the router firmware.
  • Overwrites stack memory to redirect execution, enabling arbitrary code execution at the privilege level of the web server process.
  • Crashes the formWlanSetup handler or the broader web management service, disrupting device administration and potentially causing a full device restart.
  • Because the device acts as a network gateway, a compromised router can be used to intercept or redirect traffic for all hosts on the connected LAN segment.

How HarborGuard Handles This

Available on HarborGuard: this CVE is continuously matched against customer images on every registry scan and pipeline build. Because TRENDnet has publicly stated no patch will be produced for this end-of-life hardware, there is no fix version to rebuild against. HarborGuard re-evaluates the advisory on each ingest cycle; if a community or third-party patch is ever published, a patched-image rebuild will become available automatically, and customers with auto-remediation enabled will receive a rebuild, a regression-test run, and a PR opened against affected workloads. Until then, the recommended compensating controls are: isolate any container or workload embedding this firmware behind a restrictive network policy that blocks inbound access to the management interface from untrusted network segments, apply egress filtering to prevent a compromised instance from pivoting further into the environment, and evaluate whether the workload can be replaced with a supported alternative. These control suggestions are surfaced directly in the HarborGuard finding detail for each matched image where compliance policy permits.
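
With no fix available, requests to the vulnerable endpoint can be screened at a proxy in front of the management interface or during log review. The following is an added example, not HarborGuard or TRENDnet code: it flags requests to /goform/formWlanSetup whose enrollee value is oversized or contains non-printable bytes. The 64-byte limit, the function name and the sample requests are assumptions constructed for illustration; the advisory does not publish the buffer size.

```python
from urllib.parse import parse_qsl, urlsplit

VULN_PATH = "/goform/formWlanSetup"  # endpoint named in the advisory
PARAM = "enrollee"                   # argument named in the advisory
MAX_LEN = 64  # assumed ceiling for a legitimate value; tune to observed traffic


def inspect_request(target: str, body: bytes) -> list[str]:
    """Return the reasons a request looks like an overflow attempt (empty = clean)."""
    parts = urlsplit(target)
    # Normalise case and trailing slash so trivial path variations still match.
    if parts.path.rstrip("/").lower() != VULN_PATH.lower():
        return []
    # The parameter may arrive in the query string or in a form-encoded body.
    # latin-1 maps every byte to one character, so len() counts decoded bytes.
    query = parts.query + "&" + body.decode("latin-1")
    reasons = []
    for name, value in parse_qsl(query, keep_blank_values=True, encoding="latin-1"):
        if name != PARAM:
            continue
        if len(value) > MAX_LEN:
            reasons.append(f"{PARAM} is {len(value)} bytes (limit {MAX_LEN})")
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
            reasons.append(f"{PARAM} contains non-printable bytes")
    return reasons


# Constructed sample requests (target, body); not captured traffic.
SAMPLE_REQUESTS = [
    ("/goform/formWlanSetup", b"ssid=office&enrollee=1"),
    ("/goform/formWlanSetup", b"ssid=office&enrollee=" + b"x" * 600),
    ("/goform/formWlanSetup", b"enrollee=ab%00%ffcd"),
    ("/goform/formLogin", b"enrollee=" + b"x" * 600),
]

if __name__ == "__main__":
    for target, body in SAMPLE_REQUESTS:
        verdict = inspect_request(target, body) or ["clean"]
        print(target, len(body), "; ".join(verdict))
```

A non-empty result is a reason to drop the request at the proxy or to open an investigation of the source account, since the advisory states that a low-privilege login is enough to reach the handler.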

Metrics

  • CVSS v4.0: 8.7
  • Severity: HIGH
  • Fixed in: none (no fix available)
  • Affected products: 1
  • Affected packages: TRENDnet / TEW-432BRP 3.10B20
  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P