Details of VAR-202602-2401

ID

VAR-202602-2401

CVE

CVE-2026-26732

TITLE

TOTOLINK of A3002RU Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004484

DESCRIPTION

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the vpnUser or vpnPassword` parameters in the formFilter function. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-26732 // JVNDB: JVNDB-2026-004484

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002ru	scope:	eq	version:	2.1.1-b20211108.1455	Trust: 1.0
vendor:	totolink	model:	a3002ru	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	eq	version:	a3002ru firmware 2.1.1-b20211108.1455	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004484 // NVD: CVE-2026-26732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-26732
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-26732
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-26732
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-26732
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004484 // NVD: CVE-2026-26732

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004484 // NVD: CVE-2026-26732

PATCH

title:

cve/TOTOLINK-A3002RU-boa-formFilter-StackOverflow at main 0xmania/cve GitHub

url:

https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formFilter-StackOverflow

Trust: 0.8

sources: JVNDB: JVNDB-2026-004484

EXTERNAL IDS

db:	NVD	id:	CVE-2026-26732	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-004484	Trust: 0.8

sources: JVNDB: JVNDB-2026-004484 // NVD: CVE-2026-26732

REFERENCES

url:	https://github.com/0xmania/cve/tree/main/totolink-a3002ru-boa-formfilter-stackoverflow	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-26732	Trust: 0.8

sources: JVNDB: JVNDB-2026-004484 // NVD: CVE-2026-26732

SOURCES

db:	JVNDB	id:	JVNDB-2026-004484
db:	NVD	id:	CVE-2026-26732

LAST UPDATE DATE

2026-02-24T23:50:57.377000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004484	date:	2026-02-24T07:37:00
db:	NVD	id:	CVE-2026-26732	date:	2026-02-20T13:40:19.393

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004484	date:	2026-02-24T00:00:00
db:	NVD	id:	CVE-2026-26732	date:	2026-02-17T19:21:57.493