Stack-based Buffer Overflow in Trendnet Router
CVE-2026-15480
Key Information:
- Vendor
Trendnet
- Status
- Vendor
- CVE Published:
- 12 July 2026
Badges
What is CVE-2026-15480?
A stack-based buffer overflow vulnerability has been identified in the web service functionality of Trendnet TEW-635BRM routers running firmware version 1.00.03 and earlier. The flaw resides in the start_httpd function located in the /sbin/rc file, where improper handling of the device_name argument can lead to remote exploitation. The vendor has stated that this device has reached end-of-life status since 2011, and no official updates will be issued. As such, users are encouraged to upgrade to newer hardware to mitigate the risks associated with this vulnerability, especially since the exploit is publicly available.
Affected Version(s)
TEW-635BRM 1.00.03
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
