Description
TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function.
Published: 2026-02-17
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formFilter function of TOTOLINK A3002RU V2.1.1-B20211108.1455, triggered when an attacker supplies overly long values for the vpnUser or vpnPassword parameters. The overflow can corrupt the execution stack and potentially allow arbitrary code execution on the device, compromising confidentiality, integrity, and availability of the router and any connected networks. The weakness is a classic buffer overflow flaw (CWE-121/CWE-787).

Affected Systems

The TOTOLINK A3002RU running firmware version 2.1.1-B20211108.1455 is affected. No other products or versions are listed as impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 8.8, indicating high severity, but the EPSS score is below 1%, suggesting a very low probability of exploitation in the wild at this time. It is not listed in the CISA KEV catalog. Attackers would likely exploit the flaw remotely via HTTP requests to the router’s web interface, as the vulnerable parameters are transmitted through the formFilter endpoint. No public exploit has been reported, so the risk remains theoretical until an attacker demonstrates a working exploit.

Generated by OpenCVE AI on April 16, 2026 at 06:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any official firmware update from TOTOLINK that fixes the buffer overflow.
  • If no patch is available, restrict external access to the router’s management interface by configuring the device or network firewall to block or limit HTTP/HTTPS traffic to the router’s IP address from outside the local network.
  • Enable monitoring or a web-application firewall to detect and block attempts to submit excessively long vpnUser or vpnPassword values to the formFilter endpoint, and deny those requests at the network level.

Generated by OpenCVE AI on April 16, 2026 at 06:46 UTC.
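A detection check along the lines of the last recommended action, as an added example that is not OpenCVE's or TOTOLINK's code: it parses an HTTP request, and for requests aimed at the formFilter endpoint reports any vpnUser or vpnPassword value longer than a threshold. The request path /formFilter, the 64-character threshold and the sample requests are assumptions constructed for the example; the advisory gives neither the real path nor the safe length.

```python
# Added example (not OpenCVE's or TOTOLINK's code): flag HTTP requests to the
# formFilter endpoint carrying over-long vpnUser / vpnPassword values.
from urllib.parse import urlsplit, parse_qs

# Assumption: the firmware's safe length is not published; 64 is a placeholder
# threshold chosen for this example, to be tuned against legitimate traffic.
MAX_LEN = 64
WATCHED = ("vpnUser", "vpnPassword")


def check_request(raw: bytes, max_len: int = MAX_LEN) -> list:
    """Return [(param, decoded_length)] for watched parameters whose decoded
    value exceeds max_len on requests to formFilter; [] for anything else."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    method, target, _ = request_line.split(" ", 2)
    url = urlsplit(target)
    if "formFilter" not in url.path:          # only the vulnerable handler matters
        return []
    # parse_qs percent-decodes, so lengths reflect what the handler would copy.
    params = parse_qs(url.query, keep_blank_values=True)
    if method == "POST":                      # values may also arrive in the body
        for name, values in parse_qs(body.decode("latin-1"),
                                     keep_blank_values=True).items():
            params.setdefault(name, []).extend(values)
    hits = []
    for name in WATCHED:
        for value in params.get(name, []):
            if len(value) > max_len:
                hits.append((name, len(value)))
    return hits


# Constructed sample requests (not captured traffic); path /formFilter is assumed.
BENIGN = (b"POST /formFilter HTTP/1.1\r\nHost: router\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"vpnUser=alice&vpnPassword=s3cret")
SUSPECT = (b"POST /formFilter HTTP/1.1\r\nHost: router\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           b"vpnUser=" + b"A" * 300 + b"&vpnPassword=x")

if __name__ == "__main__":
    print("benign :", check_request(BENIGN))    # []
    print("suspect:", check_request(SUSPECT))   # [('vpnUser', 300)]
```

Deploying this as a WAF rule only narrows the window; it does not replace the firmware fix, and the threshold must be validated against real VPN credential lengths in use.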


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:15:00 +0000

Type    Values Removed    Values Added
Title   -                 Stack-based Buffer Overflow via VPN Parameters in TOTOLINK A3002RU Router

Wed, 11 Mar 2026 16:15:00 +0000

Type        Values Removed    Values Added
Weaknesses  -                 CWE-121
Metrics     -                 ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 13:45:00 +0000

Type                 Values Removed    Values Added
First Time appeared  -                 Totolink a3002ru-v2; Totolink a3002ru Firmware
Weaknesses           -                 CWE-787
CPEs                 -                 cpe:2.3:h:totolink:a3002ru-v2:-:*:*:*:*:*:*:*; cpe:2.3:o:totolink:a3002ru_firmware:2.1.1-b20211108.1455:*:*:*:*:*:*:*
Vendors & Products   -                 Totolink a3002ru-v2; Totolink a3002ru Firmware
Metrics              -                 cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 18 Feb 2026 11:00:00 +0000

Type                 Values Removed    Values Added
First Time appeared  -                 Totolink; Totolink a3002ru
Vendors & Products   -                 Totolink; Totolink a3002ru

Tue, 17 Feb 2026 19:15:00 +0000

Type          Values Removed    Values Added
Description   -                 TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword parameters in the formFilter function.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-11T15:19:31.620Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26732

Vulnrichment

Updated: 2026-03-06T18:35:57.537Z

NVD

Status : Modified

Published: 2026-02-17T19:21:57.493

Modified: 2026-03-11T16:16:39.540

Link: CVE-2026-26732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T07:00:10Z

Weaknesses