{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/tew-432brp-3.10b20/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-10123"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["TEW-432BRP 3.10B20"],"_cs_severities":["high"],"_cs_tags":["cve","buffer overflow","remote code execution","network device"],"_cs_type":"advisory","_cs_vendors":["TRENDnet"],"content_html":"\u003cp\u003eA stack-based buffer overflow vulnerability, identified as CVE-2026-10123, has been discovered in the TRENDnet TEW-432BRP router, version 3.10B20. The vulnerability resides in the \u003ccode\u003eformSetDomainFilter\u003c/code\u003e function within the \u003ccode\u003e/goform/formSetDomainFilter\u003c/code\u003e file. This flaw allows a remote attacker to execute arbitrary code on the device by carefully crafting malicious input to the \u003ccode\u003eblocked_domain\u003c/code\u003e, \u003ccode\u003epermitted_domain\u003c/code\u003e, \u003ccode\u003eblocked_domain_list\u003c/code\u003e, or \u003ccode\u003epermitted_domain_list\u003c/code\u003e arguments. The vendor has stated that the affected product has been end-of-life (EOL) since 2009 and that it will not be providing a fix. 
This vulnerability poses a significant risk to users who are still operating this outdated and unsupported device, as it could be easily exploited due to the public availability of the exploit.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable TRENDnet TEW-432BRP router running firmware version 3.10B20.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request targeting the \u003ccode\u003e/goform/formSetDomainFilter\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eWithin the POST request, the attacker manipulates the \u003ccode\u003eblocked_domain\u003c/code\u003e, \u003ccode\u003epermitted_domain\u003c/code\u003e, \u003ccode\u003eblocked_domain_list\u003c/code\u003e, or \u003ccode\u003epermitted_domain_list\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eThe crafted input exceeds the buffer size allocated for these parameters within the \u003ccode\u003eformSetDomainFilter\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe overflow overwrites adjacent memory on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eThe overwritten return address is replaced with the address of malicious code controlled by the attacker.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eformSetDomainFilter\u003c/code\u003e function completes its execution and attempts to return.\u003c/li\u003e\n\u003cli\u003eInstead of returning to the intended location, the execution jumps to the attacker-controlled malicious code, achieving remote code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability (CVE-2026-10123) allows a remote attacker to execute arbitrary code on the vulnerable TRENDnet TEW-432BRP device. 
This could lead to complete compromise of the router, allowing the attacker to eavesdrop on network traffic, modify router settings, or use the device as a bot in a larger attack. Given that the product has been EOL since 2009, users still running this device are unlikely to receive security updates, leaving them permanently vulnerable. The impact is considered high due to the ease of exploitation and the potential for significant damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement network segmentation to isolate vulnerable TRENDnet TEW-432BRP devices if they cannot be decommissioned.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect TRENDnet TEW-432BRP Buffer Overflow Attempt\u003c/code\u003e to identify suspicious requests to the \u003ccode\u003e/goform/formSetDomainFilter\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for abnormally long values in the \u003ccode\u003eblocked_domain\u003c/code\u003e, \u003ccode\u003epermitted_domain\u003c/code\u003e, \u003ccode\u003eblocked_domain_list\u003c/code\u003e, and \u003ccode\u003epermitted_domain_list\u003c/code\u003e parameters within requests to \u003ccode\u003e/goform/formSetDomainFilter\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:24:25Z","date_published":"2026-05-30T16:24:25Z","id":"https://feed.craftedsignal.io/briefs/2026-05-trendnet-buffer-overflow/","summary":"A stack-based buffer overflow vulnerability (CVE-2026-10123) exists in TRENDnet TEW-432BRP version 3.10B20 within the formSetDomainFilter function, allowing a remote attacker to execute arbitrary code by manipulating specific arguments in a request to /goform/formSetDomainFilter.","title":"TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability 
(CVE-2026-10123)","url":"https://feed.craftedsignal.io/briefs/2026-05-trendnet-buffer-overflow/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-10062"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["TEW-432BRP 3.10B20"],"_cs_severities":["high"],"_cs_tags":["cve","buffer-overflow","router"],"_cs_type":"advisory","_cs_vendors":["TRENDnet"],"content_html":"\u003cp\u003eCVE-2026-10062 describes a stack-based buffer overflow vulnerability affecting the TRENDnet TEW-432BRP router, version 3.10B20. The vulnerability resides within the \u003ccode\u003eformSetRoute\u003c/code\u003e function of the \u003ccode\u003e/goform/formSetRoute\u003c/code\u003e file. By manipulating the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003emask\u003c/code\u003e, and \u003ccode\u003egateway\u003c/code\u003e arguments, a remote attacker can trigger a buffer overflow, potentially leading to arbitrary code execution. This vulnerability is remotely exploitable and has a public exploit available. However, TRENDnet has stated that the affected product has been End-of-Life (EOL) since 2009 and will not be patched. 
Defenders need to identify and isolate instances of this legacy hardware.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable TRENDnet TEW-432BRP router running firmware version 3.10B20.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP POST request to the \u003ccode\u003e/goform/formSetRoute\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes oversized values for the \u003ccode\u003eip\u003c/code\u003e, \u003ccode\u003emask\u003c/code\u003e, and/or \u003ccode\u003egateway\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eformSetRoute\u003c/code\u003e function processes the request without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe oversized input overflows a stack buffer allocated for these parameters.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow overwrites adjacent memory on the stack, including the return address.\u003c/li\u003e\n\u003cli\u003eThe function returns, transferring control to the attacker-controlled address.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the router, potentially gaining complete control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on the affected TRENDnet TEW-432BRP router. Given the device\u0026rsquo;s End-of-Life status since 2009, a patch is not available. Compromise of the router could lead to network disruption, data theft, or the router being used as a botnet node. 
While the precise number of vulnerable devices is unknown, any organization still using this model is at significant risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIdentify and isolate any TRENDnet TEW-432BRP 3.10B20 devices on your network (see affected products).\u003c/li\u003e\n\u003cli\u003eIf these devices are business-critical, consider placing them behind a firewall with strict access control lists and intrusion prevention systems.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules to detect potential exploitation attempts against the \u003ccode\u003e/goform/formSetRoute\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category: webserver) for unusual activity targeting the \u003ccode\u003e/goform/formSetRoute\u003c/code\u003e path.\u003c/li\u003e\n\u003cli\u003eConsider network segmentation to limit the potential impact of a compromised device.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T15:18:07Z","date_published":"2026-05-29T15:18:07Z","id":"https://feed.craftedsignal.io/briefs/2026-05-trendnet-stack-overflow/","summary":"TRENDnet TEW-432BRP version 3.10B20 is vulnerable to a stack-based buffer overflow via manipulation of the ip/mask/gateway arguments in the formSetRoute function of the /goform/formSetRoute file, enabling remote attackers to potentially execute arbitrary code.","title":"TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability (CVE-2026-10062)","url":"https://feed.craftedsignal.io/briefs/2026-05-trendnet-stack-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — TEW-432BRP 3.10B20","version":"https://jsonfeed.org/version/1.1"}