A3002Mu
Monthly
Stack-based buffer overflow in Totolink A3002MU router firmware B20211125.1046 allows authenticated remote attackers to execute arbitrary code via crafted 'wan-url' parameter in /boafrm/formWlanSetup endpoint. Publicly available exploit code exists (PoC on GitHub). EPSS score of 0.08% (23rd percentile) indicates low observed exploitation probability despite public exploit, likely due to authentication requirement (PR:L) and narrow attack surface of legacy consumer router product.
Stack-based buffer overflow in Totolink A3002MU router firmware B20211125.1046 allows authenticated remote attackers to execute arbitrary code via crafted 'wan-url' parameter in /boafrm/formWlanSetup endpoint. Publicly available exploit code exists (PoC on GitHub). EPSS score of 0.08% (23rd percentile) indicates low observed exploitation probability despite public exploit, likely due to authentication requirement (PR:L) and narrow attack surface of legacy consumer router product.