A critical stack-based buffer overflow in the legacy TRENDnet TEW-432BRP router poses a severe risk of arbitrary code execution.

The vulnerability is a stack-based buffer overflow in the formPortFw function of the /goform/formPortFw file. Attackers can trigger this flaw by sending a crafted server_name argument, leading to potential remote code execution.

With a CVSS score of 8.8, this vulnerability allows an attacker to gain control over the router. Because the product is End-of-Life (EOL), the lack of vendor support means these devices are permanently vulnerable, creating a persistent security gap that could facilitate unauthorized network access and data interception.

Immediate Action: Since the product is EOL, the only effective remediation is to decommission and replace the affected TRENDnet TEW-432BRP hardware immediately.

Proactive Monitoring: If immediate removal is not possible, monitor all traffic to the device and restrict access to the management interface to trusted internal IP addresses only.

Compensating Controls: Deploy a network-level firewall or intrusion prevention system to drop traffic directed at the /goform/formPortFw endpoint.

Public Exploit Available: True

The combination of an 8.8 CVSS score and the End-of-Life status of this product makes it a high-priority risk. Organizations still utilizing this hardware must prioritize immediate replacement to eliminate the threat of exploitation.