Home

Description

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

PUBLISHED Reserved 2026-05-30 | Published 2026-05-31 | Updated 2026-06-01 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Command Injection

Injection

Product status

3.10B20
affected

Timeline

2026-05-30:Advisory disclosed
2026-05-30:VulDB entry created
2026-05-30:VulDB entry last update

Credits

pjq_Buoy (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/367461 (VDB-367461 | TRENDnet TEW-432BRP formSysCmd command injection) vdb-entry technical-description

vuldb.com/vuln/367461/cti (VDB-367461 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-10180 (CVE-2026-10180 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/814774 (Submit #814774 | TRENDnet TEW-432BRP 3.10B20 Stack-based Buffer Overflow) third-party-advisory

github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md exploit

cve.org (CVE-2026-10180)

nvd.nist.gov (CVE-2026-10180)

Download JSON