CVE-2026-6194
Received Received - Intake
Stack-Based Buffer Overflow in Totolink A3002MU HTTP Handler

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: VulDB

Description
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-13
Generated
2026-06-19
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-18
NVD
CVE-2026-6194
EUVD
EUVD-2026-22034
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
totolink a3002mu b20211125.1046
totolink a3002mu a3002mu_hh-b20211125.1046
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6194 is a buffer overflow vulnerability in the ToToLink A3002MU router, specifically in the firmware version A3002MU_Hh-B20211125.1046. It occurs in the function handling the WLAN setup, where the router processes the 'wan-url' parameter from an HTTP request without checking its length.

Because the input length is not validated, an excessively long 'wan-url' string can overflow a fixed-size buffer in memory, corrupting adjacent memory regions. This vulnerability is located in the function sub_410188 of the file /boafrm/formWlanSetup within the HTTP Request Handler component.

Remote attackers can exploit this vulnerability by sending a specially crafted HTTP POST request with a long 'wan-url' parameter, potentially causing the device to crash or behave unpredictably.

Impact Analysis

This vulnerability can be exploited remotely to cause a denial of service (DoS) on the affected ToToLink A3002MU router. By sending a maliciously crafted HTTP request with an overly long 'wan-url' parameter, an attacker can trigger a stack-based buffer overflow.

The impact includes crashing the device or causing unpredictable behavior, which can disrupt network connectivity and availability.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the router's endpoint /boafrm/formWlanSetup with an excessively long wlan-url parameter to test for buffer overflow behavior.

A proof-of-concept involves sending a POST request with a wlan-url parameter filled with a large number of characters (e.g., 'a') to trigger the overflow.

For example, you can use the following curl command to test the vulnerability:

  • curl -X POST http://<router-ip>/boafrm/formWlanSetup -d "wlan-url=$(python3 -c 'print("a"*1000)')"

If the device crashes, becomes unresponsive, or behaves unpredictably after this request, it indicates the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include avoiding exposure of the affected router's management interface to untrusted networks and disabling remote management if enabled.

Additionally, monitor for firmware updates from the vendor that address this buffer overflow vulnerability and apply them as soon as they become available.

In the meantime, restrict access to the router's HTTP interface to trusted users only and consider network-level protections such as firewall rules to block suspicious requests targeting /boafrm/formWlanSetup.

Compliance Impact

The provided information does not specify how CVE-2026-6194 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6194. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart