External risk intelligence

TRENDnet Router Domain Filter Vulnerability.

CVE advisorySeverity: HIGH (CVSS 7.4)

CVE-2026-10123

A vulnerability in a TRENDnet router's domain filter function could allow remote attackers to gain control. The vendor states the product is end-of-life and unsupported, making fixes unavailable. This presents a business risk to organizations using the affected devices.

4Halo Surface Signal

Memory Corruption

External exposure likelihood

Halo Surface Signal score for CVE-2026-10123

The affected product is a wireless broadband router, which is typically deployed as an edge device between a local network and the internet. While management interfaces on such devices are often intended for internal use, they are frequently exposed to the public internet in common real-world home or small office deployments, making the web-based administrative functionality reachable.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in a TRENDnet product, specifically within its function for managing domain filters. The flaw allows for a stack-based buffer overflow, which can be initiated remotely. This issue affects products that are no longer supported by the vendor.

  • Domain filter management function
  • Buffer overflow vulnerability
  • Potential for remote system compromise

Attack Path

How an attacker could exploit the issue

A vulnerability exists within the TRENDnet TEW-432BRP 3.10B20 firmware. Specifically, the `formSetDomainFilter` function in the `/goform/formSetDomainFilter` file is susceptible to a stack-based buffer overflow. This vulnerability can be exploited remotely by manipulating specific arguments related to domain filtering. Exploitation of this vulnerability could lead to unauthorized control of the affected device.

  • Exposure condition: Network accessible management interface.
  • Attacker starting point: Unauthenticated network access.
  • Trigger and result: Argument manipulation leads to overflow and control.

Live Threat

Current exploitation, exposure, and threat context

A vulnerability exists within a TRENDnet router that could allow for remote code execution. The affected component handles domain filtering, and a specific manipulation of its arguments can lead to a buffer overflow. Attackers with a low skill level could potentially exploit this vulnerability. The vendor has stated that the product reached its end-of-life 15 years ago and is no longer supported, making remediation infeasible.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in a TRENDnet device, discovered in the `formSetDomainFilter` function, allows for remote exploitation through a stack-based buffer overflow. The vendor has stated the product is end-of-life and no longer supported, meaning fixes are unavailable. Given the public exploit and unsupported nature of the product, organizations using this device face significant risk.

  • Find affected devices.
  • Isolate exposed devices.
  • Replace unsupported devices.

Frequently asked questions

What type of vulnerability is present in the TRENDnet TEW-432BRP 3.10B20 firmware, and where is it located?

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP 3.10B20 firmware, specifically within the `formSetDomainFilter` function located in the `/goform/formSetDomainFilter` file. This flaw is triggered by manipulating arguments related to domain filtering.

What is the weakness class associated with the TRENDnet router vulnerability and how can it be exploited?

The weakness class identified is CWE-119 and CWE-121, both related to buffer overflows. The vulnerability can be exploited remotely by manipulating arguments such as `blocked_domain`, `permitted_domain`, `blocked_domain_list`, or `permitted_domain_list` within the `formSetDomainFilter` function, leading to a stack-based buffer overflow.

How can an attacker trigger the buffer overflow vulnerability in the TRENDnet router, and does it require authentication?

The buffer overflow in the TRENDnet router can be triggered remotely by manipulating specific arguments within the `formSetDomainFilter` function. According to the provided information, the attack vector is Network (AV:N) and requires no privileges (PR:L), indicating it can be initiated without authentication.

What is the relevance of the TRENDnet router vulnerability, considering its age and vendor support status?

The TRENDnet TEW-432BRP 3.10B20 is end-of-life and has been unsupported for 15 years. Due to its age and lack of vendor support, remediation is not possible. The public availability of exploit code for this vulnerability, coupled with its typical deployment as an edge device, increases its relevance for organizations still using this outdated equipment.

What practical steps should organizations take if they are using the affected TRENDnet device?

Organizations using the affected TRENDnet TEW-432BRP 3.10B20 should first identify all instances of this device within their network. It is crucial to isolate any exposed devices from the internet to mitigate immediate risk. The most effective long-term solution is to replace these unsupported and vulnerable devices with modern, supported equipment.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified