CVE-2026-26731
Received Received - Intake
Stack-Based Buffer Overflow in TOTOLINK A3002RU Router Firmware

Publication date: 2026-02-17

Last updated on: 2026-03-16

Assigner: MITRE

Description
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26731
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink a3002ru_firmware 2.1.1-b20211108.1455
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

A stack-based buffer overflow can allow an attacker to execute arbitrary code, potentially leading to unauthorized access, system crashes, or control over the affected device.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves a stack-based buffer overflow via the routernamer parameter in the formDnsv6 function of TOTOLINK A3002RU V2.1.1-B20211108.1455. Detection would typically involve monitoring for unusual or malformed HTTP requests targeting the formDnsv6 endpoint with suspicious routernamer parameter values.

Specific commands or detection scripts are not provided in the available resources.

Mitigation Strategies

No explicit mitigation steps are detailed in the provided context or resources.

General best practices would include restricting access to the vulnerable device, applying any available firmware updates from the vendor, and monitoring network traffic for exploitation attempts.

Executive Summary

This vulnerability is a stack-based buffer overflow found in the TOTOLINK A3002RU router, specifically in version V2.1.1-B20211108.1455. It occurs via the 'routernamer' parameter in the formDnsv6 function.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26731. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart