Vulnerabilities ›

CVE-2026-10121

High

CWE-119 — Weakness Type

                    Published: May 30, 2026                      ·  Modified: Jun 6, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file /goform/formSetUrlFilter. This manipulation of the argument keyword_list/keyword causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

🤖 AI Executive Summary

A stack-based buffer overflow vulnerability exists in the EOL TRENDnet TEW-432BRP router firmware version 3.10B20 through the formSetUrlFilter function, allowing remote code execution. The vulnerability affects unsupported legacy devices and poses significant risk to organizations still operating this hardware.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت المستند إلى المكدس في جهاز التوجيه TRENDnet TEW-432BRP الإصدار 3.10B20 من خلال وظيفة formSetUrlFilter تسمح بتنفيذ أوامر بعيدة. الجهاز انتهى دعمه منذ 15 سنة ولا يتلقى تحديثات أمان من البائع. هذه الثغرة تؤثر فقط على الأجهزة القديمة التي لا تزال قيد التشغيل في بعض المنظمات.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Jun 5, 2026 00:20

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom government banking

🎯 MITRE ATT&CK Techniques

T1190 T1068 T1543

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Immediately discontinue use of TRENDnet TEW-432BRP routers as they are EOL since 2009 with no vendor support. Replace with current-generation networking equipment from supported vendors. If immediate replacement is impossible, isolate affected devices on segregated networks with strict access controls and monitor for exploitation attempts.

🔧 خطوات المعالجة (العربية)

توقف فوري عن استخدام أجهزة التوجيه TRENDnet TEW-432BRP لأنها انتهت دعمها منذ 2009. استبدلها بأجهزة شبكة حديثة من بائعين معتمدين. إذا كان الاستبدال الفوري غير ممكن، عزل الأجهزة المتأثرة على شبكات منفصلة مع ضوابط وصول صارمة ومراقبة محاولات الاستغلال.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.AM-2 PR.DS-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 4

🔗

https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_8/8.md

cna@vuldb.com

🔗

https://vuldb.com/submit/814763

cna@vuldb.com

🔗

https://vuldb.com/vuln/367298

cna@vuldb.com

🔗

https://vuldb.com/vuln/367298/cti

cna@vuldb.com

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-119

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-05-30

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-10121

Introduce Yourself

Sign In Required