Command Injection Vulnerability in TRENDnet TEW-432BRP Router
CVE-2026-10060

5.3MEDIUM

Key Information:

Vendor: Trendnet
Status: Tew-432brp
Vendor: CVE Published:; 29 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-10060?

A command injection vulnerability exists in the TRENDnet TEW-432BRP router, allowing attackers to manipulate the parameters ip, mask, and gateway in the formSetRoute function within the /goform/formSetRoute file. This flaw can be exploited remotely, potentially giving unauthorized users the ability to execute arbitrary commands. Notably, this product has been end-of-life (EOL) since 2009, meaning there are no patches or fixes available for this vulnerability.

Affected Version(s)

TEW-432BRP 3.10B20

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10060 - Proof of Concept

References

https://vuldb.com/vuln/367146

vdb-entrytechnical-description

https://vuldb.com/vuln/367146/cti

signaturepermissions-required

https://vuldb.com/submit/814756

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 29, 2026
👾
Exploit known to exist
May 29, 2026
Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

Credit

pjqwudi_Buoy (VulDB User)

VulDB CNA Team

CVE-2026-10060 Data

JSON

Trendnet