A3002ru Firmware
CVE-2026-26732
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.
AnalysisAI
Stack overflow vulnerabilities in TOTOLIK A3002RU V2.1.1 router firmware allow authenticated attackers to achieve remote code execution through malformed vpnUser or vpnPassword parameters. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of complete compromise.
Technical ContextAI
Classified as CWE-787 (Out-of-bounds Write). Affects the formFilter component of A3002Ru Firmware. TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in A3002ru Firmware
View allTOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. Rated critical severity
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands vi
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via th
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via t
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin use
CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting
Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others)
Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HT
CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an un
Stack-based buffer overflow in TOTOLIK A3002RU firmware versions up to V3.0.0-B20220304.1804 allows authenticated attack
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today