CVE-2026-10180

MEDIUM 6.3

TRENDnet TEW-432BRP formSysCmd command injection

CVSS Score

6.3

EPSS Score

1.1%

EPSS Percentile

78th

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

CWE	CWE-77 CWE-74
Vendor	trendnet
Product	tew-432brp
Published	May 31, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for trendnet tew-432brp

Be the first to know when new medium vulnerabilities affecting trendnet tew-432brp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

TRENDnet / TEW-432BRP

3.10B20

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367461 vuldb.com: https://vuldb.com/vuln/367461/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10180 vuldb.com: https://vuldb.com/submit/814774 github.com: https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md

Credits

🔍 pjq_Buoy (VulDB User) VulDB CNA Team