Vulnerabilities ›

CVE-2026-10062

High

CWE-119 — Weakness Type

                    Published: May 29, 2026                      ·  Modified: Jun 3, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router's formSetRoute function that allows remote code execution through malformed IP/mask/gateway parameters. This end-of-life device from 2009 receives no vendor support or patches, making it critically vulnerable to exploitation.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت المستند إلى المكدس في وظيفة formSetRoute بموجه TRENDnet TEW-432BRP تسمح بتنفيذ تعليمات برمجية عشوائية عن بعد دون مصادقة. تم الكشف عن الثغرة علناً والمورد رفض إصدار تصحيحات لأن المنتج انتهت صلاحيته منذ 15 سنة.

🤖 ملخص تنفيذي (AI)

ثغرة تجاوز المخزن المؤقت المستند إلى المكدس موجودة في وظيفة formSetRoute لموجه TRENDnet TEW-432BRP تسمح بتنفيذ التعليمات البرمجية عن بعد. هذا الجهاز الذي انتهت صلاحيته منذ عام 2009 لا يتلقى أي دعم أو تصحيحات من المورد.

🤖 AI Intelligence Analysis Analyzed: Jun 3, 2026 12:17

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking energy

🎯 MITRE ATT&CK Techniques

T1190 T1133 T1068

⚖️ Saudi Risk Score (AI)

9.0

/ 10.0

🔧 Remediation Steps (English)

Immediately discontinue use of TRENDnet TEW-432BRP routers and replace with modern, supported networking equipment. If replacement is not immediately possible, isolate affected devices from critical networks, disable remote management features, implement strict network access controls, and monitor for suspicious activity. Do not expose these devices to untrusted networks.

🔧 خطوات المعالجة (العربية)

توقف فوراً عن استخدام موجهات TRENDnet TEW-432BRP واستبدلها بمعدات شبكات حديثة مدعومة. إذا لم يكن الاستبدال ممكناً فوراً، فعزل الأجهزة المتأثرة عن الشبكات الحرجة وتعطيل ميزات الإدارة البعيدة وتطبيق ضوابط وصول صارمة للشبكة ومراقبة النشاط المريب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.AM-2 PR.DS-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 4

🔗

https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_3/3.md

cna@vuldb.com

🔗

https://vuldb.com/submit/814758

cna@vuldb.com

🔗

https://vuldb.com/vuln/367148

cna@vuldb.com

🔗

https://vuldb.com/vuln/367148/cti

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-29

Source Feed nvd

🇸🇦 Saudi Risk Score

9.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10062

Introduce Yourself

Sign In Required