External risk intelligence

TRENDnet Router Protocol Filter Stack Overflow Vulnerability

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10122

A vulnerability impacts a TRENDnet device's protocol filtering function, allowing remote exploitation via buffer overflow. The product is unsupported, posing significant risk as remediation is infeasible. Organizations should identify and isolate such devices.

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10122

The affected product is a consumer router/wireless access point. Such devices are designed to act as internet gateways and edge services. While this specific model is end-of-life, its deployment pattern as an internet-facing network appliance in residential or small-office environments makes remote, internet-based reachability a common and expected deployment configuration.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in a TRENDnet product related to its protocol filtering function. The flaw occurs when handling specific arguments within the `formSetProtocolFilter` function, potentially leading to a buffer overflow. This could allow a remote attacker to compromise the system. The vendor has indicated that the product is end-of-life and no longer supported.

  • Vulnerable protocol filtering function
  • Stack-based buffer overflow flaw
  • Potential for remote system compromise

Attack Path

How an attacker could exploit the issue

The vulnerability exists within the TRENDnet TEW-432BRP, specifically in the `formSetProtocolFilter` function. An attacker can exploit this by manipulating the `protocol_name` argument, leading to a stack-based buffer overflow. This attack can be performed remotely, and the exploit has been publicly disclosed. Because this product has been end-of-life for 15 years, the vendor is unable to replicate or fix the vulnerability.

  • Exposure condition: Network accessible.
  • Attacker starting point: Unauthenticated remote attacker.
  • Trigger and result: Manipulate argument, gain control.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability exists in a TRENDnet device that could allow attackers to overflow a buffer. This could lead to the execution of malicious code, potentially impacting the confidentiality, integrity, and availability of the affected system. The vulnerability is publicly known and may be actively exploited. Given the device is 15 years past its end-of-life and no longer supported by the vendor, remediation is not feasible.

  • Attackers likely possess moderate skill.
  • Remote access is required, with no user interaction.
  • High business risk due to unsupported device.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The identified vulnerability in TRENDnet TEW-432BRP 3.10B20 relates to a stack-based buffer overflow in the `formSetProtocolFilter` function. This flaw can be exploited remotely by manipulating the `protocol_name` argument. The vendor has stated this product reached end-of-life 15 years ago and cannot be fixed. Consequently, the vulnerability only impacts unsupported products.

  • Identify exposed TRENDnet devices.
  • Isolate unsupported devices from the network.
  • Monitor for related network traffic.

Frequently asked questions

What is the TRENDnet TEW-432BRP 3.10B20 and its role in a network?

The TRENDnet TEW-432BRP 3.10B20 is a consumer router and wireless access point. These devices are essential for establishing internet connectivity and managing data flow within home or small office networks.

How does CVE-2026-10122 lead to a stack-based buffer overflow?

CVE-2026-10122 creates a security risk through a stack-based buffer overflow vulnerability. This occurs when the `formSetProtocolFilter` function receives specially crafted input for the `protocol_name` argument, allowing an attacker to overwrite memory.

What conditions allow an attacker to exploit the TRENDnet TEW-432BRP vulnerability?

An attacker can exploit this vulnerability remotely by manipulating the `protocol_name` argument in the `formSetProtocolFilter` function. The exploit has been publicly disclosed, and due to the product's end-of-life status, no fixes are available.

What is the relevance of CVE-2026-10122 to network security?

The relevance of CVE-2026-10122 is heightened because it affects network gateway devices like the TRENDnet TEW-432BRP, which are typically internet-facing. Although the product is end-of-life, its function as a network entry point makes it a potential target.

What practical steps should be taken regarding the TRENDnet TEW-432BRP vulnerability?

Given that the TRENDnet TEW-432BRP is end-of-life and unpatchable, practical responses include identifying any deployed units, isolating them from the network to prevent exploitation, and monitoring network traffic for any suspicious activity related to this vulnerability.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified