Cyber Resilience

CVE-2026-4172

High

Published: 16 March 2026

Published
16 March 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score v4 7.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 18.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-4172 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-4172 is a stack-based buffer overflow vulnerability in the TRENDnet TEW-632BRP router running firmware version 1.010B32. The issue resides in an unknown part of the /ping_response.cgi file within the HTTP POST Request Handler component, where manipulation of the "ping_ipaddr" argument triggers the overflow.

The vulnerability can be exploited remotely over the network with low attack complexity and no user interaction required, but it demands high privileges (PR:H) such as administrative access. Successful exploitation grants high impacts on confidentiality, integrity, and availability (CVSS 7.2/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), potentially allowing arbitrary code execution. A public exploit is available and may be used by attackers.

Advisories from VulDB and a GitHub issue detail the vulnerability but note that the vendor was contacted early without any response or patch release. No official mitigations or updates are provided in the referenced sources.

The exploit's public availability increases the risk of real-world attacks against unpatched TRENDnet TEW-632BRP devices, with associated CWEs CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

EU & UK References

Vulnerability details

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed…

more

from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the unauthenticated-triggerable but high-priv HTTP POST handler (/ping_response.cgi, ping_ipaddr parameter) of an internet-facing router web interface directly enables remote exploitation of a public-facing application for arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-7417Shared CWE-119, CWE-121
CVE-2026-5350Shared CWE-119, CWE-121
CVE-2025-9046Shared CWE-119, CWE-121
CVE-2025-9247Shared CWE-119, CWE-121
CVE-2026-6197Shared CWE-119, CWE-121
CVE-2025-12259Shared CWE-119, CWE-121
CVE-2026-2877Shared CWE-119, CWE-121
CVE-2025-7909Shared CWE-119, CWE-121
CVE-2026-7851Shared CWE-119, CWE-121
CVE-2025-8819Shared CWE-119, CWE-121

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates the ping_ipaddr argument in HTTP POST requests to /ping_response.cgi, preventing the stack-based buffer overflow from malicious input.

prevent

Provides memory protection techniques like stack canaries and address space layout randomization to mitigate exploitation of the stack-based buffer overflow.

prevent

Establishes a process to identify, report, and remediate the known buffer overflow flaw in the HTTP POST Request Handler, including applying patches or replacements.

References