Primary

Context

TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in formPortFw Function

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in version 3.10B20. The issue arises in the formPortFw function within the file /goform/formPortFw, where the server_name argument is manipulated, leading to a stack-based buffer overflow. This vulnerability can be exploited remotely, causing the device to crash and fail to provide services correctly. The vendor has stated that this product has been end-of-life since 2009 and is unable to address any vulnerabilities.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to /goform/formPortFw with a crafted server_name parameter that exceeds the buffer size, causing a stack overflow. This can be done using a web browser or a tool like curl, with the appropriate headers and content type.

Added: May 31, 2026, 2:19 AM

Updated: May 31, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

9.6

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.2

remediation

0.0

relevance

9.6

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TRENDnet TEW-432BRP Stack-Based Buffer Overflow Vulnerability in formPortFw Function

Vulnerability

Impact

Reproduction

Affected Products

TRENDnet TEW-432BRP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating