External risk intelligence

TRENDnet Router Remote Code Execution Vulnerability

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10121

A vulnerability in a TRENDnet device allows remote attackers to cause a stack-based buffer overflow. This could lead to unauthorized system control for organizations using this unsupported, end-of-life hardware. The vendor is unable to provide a fix due to the product's age.

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10121

The affected product is a wireless broadband router, which is typically deployed at the network edge to provide internet connectivity. Vulnerabilities in the web management interface of such edge devices are commonly reachable from the local network and, depending on configuration, can be exposed to the public internet.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in a TRENDnet device, specifically within its URL filter functionality. This flaw can be triggered remotely, potentially leading to unauthorized access and control over affected systems. As the product is no longer supported by the vendor, remediation options are not available.

  • Vulnerable TRENDnet device function
  • Stack-based buffer overflow flaw
  • Compromised system control and data

Attack Path

How an attacker could exploit the issue

This vulnerability involves a stack-based buffer overflow within the TRENDnet TEW-432BRP device. An attacker can remotely exploit this flaw by manipulating a specific argument in the `formSetUrlFilter` function. Successful exploitation could lead to an attacker gaining control over the affected system. The vendor has indicated that this product is end-of-life and no longer supported, meaning no patches are available.

  • Exposure condition: Network-accessible device.
  • Attacker starting point: Unauthenticated network access.
  • Trigger and result: Buffer overflow leads to system control.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability impacts TRENDnet TEW-432BRP devices, specifically within the formSetUrlFilter function. The flaw allows for remote manipulation, potentially leading to a stack-based buffer overflow. The vendor has indicated that this product has been end-of-life for 15 years and is no longer supported, making it impossible to replicate or fix.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects TRENDnet TEW-432BRP 3.10B20 devices due to a buffer overflow in the formSetUrlFilter function. The issue can be exploited remotely by manipulating specific arguments. While an exploit has been published, the vendor has stated the product has been end-of-life for 15 years and is unsupported, meaning the vendor cannot provide a fix. This vulnerability therefore only impacts organizations still using this unsupported hardware.

  • Identify exposed TRENDnet TEW-432BRP 3.10B20 devices.
  • Isolate or decommission affected devices.
  • Monitor for related security incidents.

Frequently asked questions

What is the TRENDnet TEW-432BRP router?

The TRENDnet TEW-432BRP is a 54Mbps Wireless G Broadband Router that was used for creating wireless networks and providing internet connectivity. It is an older device, with some versions reaching end-of-life as early as 2009.

What is CVE-2026-10121 and what is its weakness?

CVE-2026-10121 is a high-severity vulnerability affecting the TRENDnet TEW-432BRP router, specifically in its `formSetUrlFilter` function. The weakness is a stack-based buffer overflow (CWE-119, CWE-121) that can be remotely exploited.

How can CVE-2026-10121 be exploited?

An attacker can exploit this vulnerability by remotely manipulating the `keyword_list` argument within the `/goform/formSetUrlFilter` file. This manipulation can lead to a stack-based buffer overflow, potentially allowing for arbitrary code execution or denial of service. The attack requires low complexity and no user interaction.

Who is at risk from CVE-2026-10121?

Organizations still using the TRENDnet TEW-432BRP router, particularly those running firmware version 3.10B20, are at risk. As this product has been end-of-life since 2009, the vendor will not provide any patches or fixes, leaving these devices permanently vulnerable.

What actions should be taken regarding CVE-2026-10121?

Due to the unsupported and unpatchable nature of the TRENDnet TEW-432BRP router, the only effective response is to decommission and replace the affected devices with a supported model. Isolating the device from the network is a temporary measure.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified