External risk intelligence

TRENDnet Router Firewall Rule Vulnerability.

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10120

A vulnerability in a TRENDnet router function can allow remote attackers to cause a buffer overflow, potentially leading to system compromise. As the product is end-of-life and unsupported, no vendor fix is available, and the exploit is public. This poses a risk to any remaining deployed devices.

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10120

The affected product is a network router. Vulnerabilities in the web management interface of routers and gateway devices are typically reachable over the network, and while many are intended for internal use, they are commonly exposed to the internet in real-world deployments, particularly in home and small office environments.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability exists in a TRENDnet router function that handles firewall rules. Specifically, a weakness in how the system processes firewall rule names can lead to a buffer overflow. This flaw can be exploited remotely, potentially allowing unauthorized access and control. The vendor has indicated the product is end-of-life and no longer supported.

Vulnerable firewall rule function
Buffer overflow flaw
Remote system compromise

Attack Path

How an attacker could exploit the issue

A vulnerability exists in a TRENDnet router function that can be exploited remotely. An attacker can leverage this by sending a specially crafted request to the device. This manipulation could lead to a buffer overflow, potentially allowing an attacker to gain control over the affected system. The vendor has indicated that the product is end-of-life and no longer supported, meaning patches are not available.

Network exposure required.
Attacker sends malicious input.
Remote control or system impact.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability affects a TRENDnet router model no longer supported by the vendor. Attackers can exploit this flaw remotely by manipulating a specific function. Due to the product's age and discontinued support, there is no vendor fix available, and the exploit is publicly known.

Likely attacker skill level: Low
Required access or conditions: Network access, no authentication
Business risk or urgency: High, but depends on device exposure

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability impacts TRENDnet TEW-432BRP devices that are no longer supported by the vendor. Attackers can remotely exploit this vulnerability by manipulating a specific argument, leading to a buffer overflow. Given the product's End-of-Life status, the vendor is unable to provide a fix. The exploit is publicly available, increasing the risk to any remaining deployed devices.

Identify exposed devices.
Isolate or disable affected systems.
Monitor for related activity.

Frequently asked questions

What is the software context for CVE-2026-10120, affecting the TRENDnet TEW-432BRP router?

CVE-2026-10120 is a vulnerability found in the TRENDnet TEW-432BRP router, specifically within the formSetFirewallRule function located at the file /goform/formSetFirewallRule. This function is responsible for managing firewall rules on the device. The vulnerability stems from how the firewall_name argument is processed. The product has been end-of-life (EOL) since 2009, meaning the vendor no longer provides support or fixes for it.

What is the weakness class and impact of the CVE-2026-10120 vulnerability?

The weakness identified in CVE-2026-10120 is a stack-based buffer overflow, categorized under CWE-119 and CWE-121. This occurs when the firewall_name argument is manipulated. A successful manipulation can overwrite critical data on the stack, potentially leading to arbitrary code execution or system instability. The vulnerability has a base CVSS v4.0 score of 7.4, rated HIGH, and a CVSS v3.1 score of 8.8, also rated HIGH.

What is the trigger path and scope for CVE-2026-10120?

The vulnerability can be triggered remotely by manipulating the firewall_name argument within the formSetFirewallRule function. The attack vector is Network (AV:N), meaning an attacker does not need physical access to the device. The exploit is public, and the vendor indicates it may be used. The vulnerability does not require any privileges (PR:L) and does not need user interaction (UI:N). The scope is not changed (S:U), and the impact on confidentiality, integrity, and availability is High (C:H/I:H/A:H).

How relevant is CVE-2026-10120 given the product's EOL status and exploit availability?

Despite the TRENDnet TEW-432BRP being end-of-life for over 15 years, this vulnerability remains relevant due to the public availability of an exploit. The vendor has stated they cannot replicate or fix vulnerabilities in EOL products. The Halo Surface Signal classifies this as 'Likely' due to the network router context and the common real-world exposure of such devices to the internet, even in home and small office environments. The CVSS v4.0 score of 7.4 (HIGH) and the CVSS v3.1 score of 8.8 (HIGH) indicate a...

What practical response is recommended for CVE-2026-10120?

Given that the TRENDnet TEW-432BRP is end-of-life and unsupported, the primary response is to identify and isolate any remaining deployed devices. Disabling affected systems or removing them from the network is crucial. If possible, migrating to a supported and more secure router model is the most effective long-term solution. Continuous monitoring for any suspicious network activity related to these devices is also advised, as the exploit is publicly available and the vendor will not provide a patch.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.