CVE-2026-6194
Stack-Based Buffer Overflow in Totolink A3002MU HTTP Handler
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a3002mu | b20211125.1046 |
| totolink | a3002mu | a3002mu_hh-b20211125.1046 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6194 is a buffer overflow vulnerability in the ToToLink A3002MU router, specifically in the firmware version A3002MU_Hh-B20211125.1046. It occurs in the function handling the WLAN setup, where the router processes the 'wan-url' parameter from an HTTP request without checking its length.
Because the input length is not validated, an excessively long 'wan-url' string can overflow a fixed-size buffer in memory, corrupting adjacent memory regions. This vulnerability is located in the function sub_410188 of the file /boafrm/formWlanSetup within the HTTP Request Handler component.
Remote attackers can exploit this vulnerability by sending a specially crafted HTTP POST request with a long 'wan-url' parameter, potentially causing the device to crash or behave unpredictably.
How can this vulnerability impact me?
This vulnerability can be exploited remotely to cause a denial of service (DoS) on the affected ToToLink A3002MU router. By sending a maliciously crafted HTTP request with an overly long 'wan-url' parameter, an attacker can trigger a stack-based buffer overflow.
The impact includes crashing the device or causing unpredictable behavior, which can disrupt network connectivity and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the router's endpoint /boafrm/formWlanSetup with an excessively long wlan-url parameter to test for buffer overflow behavior.
A proof-of-concept involves sending a POST request with a wlan-url parameter filled with a large number of characters (e.g., 'a') to trigger the overflow.
For example, you can use the following curl command to test the vulnerability:
- curl -X POST http://<router-ip>/boafrm/formWlanSetup -d "wlan-url=$(python3 -c 'print("a"*1000)')"
If the device crashes, becomes unresponsive, or behaves unpredictably after this request, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding exposure of the affected router's management interface to untrusted networks and disabling remote management if enabled.
Additionally, monitor for firmware updates from the vendor that address this buffer overflow vulnerability and apply them as soon as they become available.
In the meantime, restrict access to the router's HTTP interface to trusted users only and consider network-level protections such as firewall rules to block suspicious requests targeting /boafrm/formWlanSetup.
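The mitigation advice above suggests blocking or watching for requests aimed at /boafrm/formWlanSetup. The following is an added example, not part of the CVE record or any vendor tooling: a small log scanner that flags POST requests to that handler whose URL parameter is far longer than any legitimate value. The record spells the parameter both 'wan-url' and 'wlan-url', so the scanner watches both names; the log line format, the 256-byte threshold and the sample log lines are constructed assumptions.

```python
"""
Added example (not part of the CVE record): flag HTTP requests to the
Totolink A3002MU handler /boafrm/formWlanSetup whose URL parameter is
unusually long, which is the traffic shape the record describes.
The log format, the threshold and the sample lines are assumptions.
"""
import re
from urllib.parse import parse_qs

# Endpoint named in the CVE record.
VULNERABLE_PATH = "/boafrm/formWlanSetup"
# The record spells the parameter both 'wan-url' and 'wlan-url'; watch both.
WATCHED_PARAMS = ("wan-url", "wlan-url")
# Assumed threshold: a legitimate URL value is far shorter than this.
MAX_PARAM_LEN = 256

# Assumed log format: "<client> <method> <path> <urlencoded-body>"
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<body>.*)$")


def check_request(method, path, body):
    """Return (param, length) if the request carries an oversized watched
    parameter to the vulnerable handler, otherwise None."""
    if method != "POST" or path != VULNERABLE_PATH:
        return None
    # parse_qs percent-decodes values, so the length measured is the decoded one
    params = parse_qs(body, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if len(value) > MAX_PARAM_LEN:
                return (name, len(value))
    return None


def scan_log(lines):
    """Return a list of (client, param, length) tuples for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        result = check_request(m["method"], m["path"], m["body"])
        if result:
            hits.append((m["client"], result[0], result[1]))
    return hits


# Constructed sample log lines: a benign configuration change, an unrelated
# GET, and a request whose URL parameter is 1000 bytes long.
SAMPLE_LOG = [
    "192.0.2.10 POST /boafrm/formWlanSetup wan-url=http%3A%2F%2Fexample.com&ssid=home",
    "192.0.2.10 GET /index.htm -",
    "198.51.100.7 POST /boafrm/formWlanSetup wan-url=" + "a" * 1000 + "&ssid=x",
]

if __name__ == "__main__":
    for client, param, length in scan_log(SAMPLE_LOG):
        print(f"ALERT {client}: {param} length {length} sent to {VULNERABLE_PATH}")
```

The same length check can be applied inline by a reverse proxy or WAF placed in front of the router's management interface, which is where the firewall-rule suggestion above would be enforced; the threshold should be set from the longest URL the legitimate configuration UI ever submits.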
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how CVE-2026-6194 affects compliance with common standards and regulations such as GDPR or HIPAA.