CVE-2026-10061 | TRENDnet TEW-432BRP 3.10B20 /goform/formWPS peerPin command injection

A vulnerability labeled as critical has been found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is identified as CVE-2026-10061. The attack can be executed remotely. Additionally, an exploit exists.

The vendor explains: “This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities.”

CVE-2026-10061 | TRENDnet TEW-432BRP 3.10B20 /goform/formWPS peerPin command injection

Post correlati

CVE-2025-6772 | eosphoros-ai db-gpt up to 0.7.2 import import_flow File path traversal (Issue 2774)

CVE-2025-2800 | WP Event Manager Plugin up to 3.1.50 on WordPress organizer_name cross site scripting

CVE-2023-37531 | HCL BigFix Platform up to 9.5.23/10.0.10 Web Reports cross site scripting (KB0110209)

CVE-2024-57040 | TP-Link TL-WR845N 4_190219/4_200909 hard-coded password