A critical stack-based buffer overflow in the legacy TRENDnet TEW-432BRP router creates a significant risk of remote code execution.

This is a stack-based buffer overflow vulnerability in the formSetEnableWizard function of the /goform/formSetEnableWizard file, triggered via the start_wizard argument.

With a CVSS score of 8.8, this flaw allows for potential remote code execution. Because the device is End-of-Life, no official patch will be provided, leaving the organization exposed to attackers who can leverage the public exploit to gain control of the device.

Immediate Action: Decommission the affected TRENDnet TEW-432BRP device immediately, as the vendor has stated it is EOL and will not receive security fixes.

Proactive Monitoring: Until the device is decommissioned, monitor for any unauthorized access attempts or suspicious traffic directed at the router's management interface.

Compensating Controls: Use a firewall to restrict traffic to the /goform/formSetEnableWizard endpoint and ensure the device is not accessible from the public internet.

Public Exploit Available: True

The high severity and lack of vendor support for this device create a critical risk. Replacing the affected hardware is the only recommended course of action to ensure the security of the network environment.