CVE-2026-10180

6.3 MEDIUM

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20

Published: 2026-05-31 · Last updated: 2026-06-01

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74, CWE-77

Description

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10180
[Other]https://github.com/wudipjq/my_vuln/blob/main/TRENDnet/vuln_17/17.md
[Other]https://vuldb.com/cve/CVE-2026-10180
[Other]https://vuldb.com/submit/814774
[Other]https://vuldb.com/vuln/367461
[Other]https://vuldb.com/vuln/367461/cti

Related CVEs

Same CWE

CVE-2025-56814 — A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)