CVE-2026-4172
Published: 16 March 2026
Summary
CVE-2026-4172 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-4172 is a stack-based buffer overflow vulnerability in the TRENDnet TEW-632BRP router running firmware version 1.010B32. The issue resides in an unknown part of the /ping_response.cgi file within the HTTP POST Request Handler component, where manipulation of the "ping_ipaddr" argument triggers the overflow.
The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction required, but it demands high privileges (PR:H) such as administrative access. Successful exploitation grants high impacts on confidentiality, integrity, and availability (CVSS 7.2/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), potentially allowing arbitrary code execution. A public exploit is available and may be used by attackers.
Advisories from VulDB and a GitHub issue detail the vulnerability but note that the vendor was contacted early without any response or patch release. No official mitigations or updates are provided in the referenced sources.
The exploit's public availability increases the risk of real-world attacks against unpatched TRENDnet TEW-632BRP devices, with associated CWEs CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12218
Vulnerability details
A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed…
more
from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in the unauthenticated-triggerable but high-priv HTTP POST handler (/ping_response.cgi, ping_ipaddr parameter) of an internet-facing router web interface directly enables remote exploitation of a public-facing application for arbitrary code execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly validates the ping_ipaddr argument in HTTP POST requests to /ping_response.cgi, preventing the stack-based buffer overflow from malicious input.
Provides memory protection techniques like stack canaries and address space layout randomization to mitigate exploitation of the stack-based buffer overflow.
Establishes a process to identify, report, and remediate the known buffer overflow flaw in the HTTP POST Request Handler, including applying patches or replacements.