External risk intelligence

TRENDnet Router Stack Buffer Overflow Vulnerability.

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10119

A vulnerability in TRENDnet devices, specifically the formSetMACFilter function, allows remote attackers to cause a stack-based buffer overflow. This impacts unsupported products, as the vendor has ended support for this device 15 years ago. Organizations using this equipment face business risk due to the public disclo

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10119

The vulnerability affects a consumer-grade wireless router. These devices are typically deployed as edge gateways, placing their web-based administrative interfaces or management services in a position where they are commonly reachable via the local network or, if misconfigured, the public internet.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A security vulnerability has been identified in TRENDnet devices, specifically impacting the `formSetMACFilter` function within the `/goform/formSetMACFilter` file. This flaw allows for a stack-based buffer overflow due to the manipulation of the `filter_name` argument. Exploitation is possible remotely and the exploit has been publicly disclosed. This vulnerability affects products that are no longer supported by the vendor, having been end-of-life for 15 years.

  • Vulnerable TRENDnet function
  • Stack-based buffer overflow flaw
  • Potential for remote data compromise

Attack Path

How an attacker could exploit the issue

This vulnerability allows an attacker to remotely gain control of an affected device. An unauthenticated attacker can exploit this by sending specially crafted data to the device. Successful exploitation could lead to a complete compromise of the system, impacting data confidentiality, integrity, and availability. This vulnerability affects older, unsupported hardware.

  • Network exposure is required.
  • Unauthenticated attacker gains access.
  • Triggering action leads to control.

Live Threat

Current exploitation, exposure, and threat context

A security vulnerability has been publicly disclosed in TRENDnet TEW-432BRP devices, specifically impacting the formSetMACFilter function. This flaw allows for remote exploitation, potentially leading to significant disruption. TRENDnet has indicated that this product has been end-of-life for 15 years, meaning no patches or fixes are available. This vulnerability affects only unsupported products.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access, unauthenticated
  • Business risk or urgency: High, unpatched product

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This security vulnerability impacts TRENDnet TEW-432BRP devices, specifically affecting the formSetMACFilter function. The vulnerability could allow remote attackers to gain control of the system through manipulation of a specific argument, potentially leading to a stack-based buffer overflow. Given that the product has been end-of-life for 15 years and is no longer supported by the vendor, official fixes are not available. The exploit has been publicly disclosed, increasing the potential risk to any organizations still utilizing this unsupported equipment.

  • Find affected assets.
  • Reduce exposure or isolate risk.
  • Monitor for related issues.

Frequently asked questions

What is the TRENDnet TEW-432BRP?

The TRENDnet TEW-432BRP is a consumer-grade wireless router. These devices are often used as edge gateways, meaning they connect a local network to the internet. Their administrative interfaces can sometimes be accessible over the local network or, if misconfigured, from the public internet.

How does CVE-2026-10119 cause a security issue?

CVE-2026-10119 is a stack-based buffer overflow vulnerability. This occurs when a program attempts to write data beyond the allocated buffer space on the stack. In this case, manipulating the `filter_name` argument in the `formSetMACFilter` function allows an attacker to overflow this buffer, potentially leading to a crash or arbitrary code execution.

What are the conditions needed to exploit CVE-2026-10119?

An attacker needs network access to the affected device and does not require authentication to exploit this vulnerability. Specifically, they can trigger the vulnerability by sending specially crafted data to the `/goform/formSetMACFilter` endpoint. The vulnerability is not triggered by normal, expected usage of the device's features.

Who should be concerned about this TRENDnet router vulnerability?

Organizations or individuals still using the TRENDnet TEW-432BRP router should be concerned. This device is considered external-facing, meaning it is directly exposed to the internet or acts as a gateway. Given that the product is end-of-life and unsupported, any use of it presents a significant security risk.

What is the first step if I am running this TRENDnet technology?

The most critical first step is to identify all instances of the affected TRENDnet TEW-432BRP device within your network. Since this product is no longer supported by the vendor and has no available fixes, you should focus on reducing its exposure, such as isolating it from the network, or decommissioning it entirely to mitigate the risk.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified