TRENDnet TEW-432BRP formSysCmd command injection_CVE-2026-10180

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Basic Information

ID CVE-2026-10180

Source VulDB

Published May 31, 2026 at 11:15

Affected Product

Vendor TRENDnet

Product TEW-432BRP

Version 3.10B20

Affected Versions TRENDnet TEW-432BRP 3.10B20

CWE Classification

CWE-77 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: \"This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.\" This vulnerability only affects products that are no longer supported by the maintainer.",
    "published": "2026-05-31T11:15:06.990Z",
    "modified": "2026-05-31T11:15:06.990Z",
    "type": "cve",
    "title": "TRENDnet TEW-432BRP formSysCmd command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/367461\nhttps://vuldb.com/vuln/367461/cti\nhttps://vuldb.com/cve/CVE-2026-10180\nhttps://vuldb.com/submit/814774\nhttps://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md",
    "id": "CVE-2026-10180",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "TRENDnet TEW-432BRP 3.10B20",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TEW-432BRP",
    "version": "3.10B20",
    "vendor": "TRENDnet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}