Primary

Context

TRENDnet TEW-432BRP Command Injection Vulnerability in WPS Function

Vulnerability

A command injection vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the WPS form handling, where the 'peerPin' argument can be manipulated to execute arbitrary commands on the operating system. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/formWPS' with the 'peerPin' parameter set to a command, such as 'reboot'. The router will execute the command, demonstrating the command injection flaw.

Added: May 29, 2026, 2:39 PM

Updated: May 29, 2026, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

9.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.8

remediation

0.0

relevance

9.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TRENDnet TEW-432BRP Command Injection Vulnerability in WPS Function

Vulnerability

Impact

Reproduction

Affected Products

TRENDnet TEW-432BRP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating