Details of VAR-202602-2485

ID

VAR-202602-2485

CVE

CVE-2026-26731

TITLE

TOTOLINK of A3002RU Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004485

DESCRIPTION

TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain a stack-based buffer overflow via the routernamer`parameter in the formDnsv6 function. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-26731 // JVNDB: JVNDB-2026-004485

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002ru	scope:	eq	version:	2.1.1-b20211108.1455	Trust: 1.0
vendor:	totolink	model:	a3002ru	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	eq	version:	a3002ru firmware 2.1.1-b20211108.1455	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004485 // NVD: CVE-2026-26731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-26731
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-26731
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-26731
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-26731
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004485 // NVD: CVE-2026-26731

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004485 // NVD: CVE-2026-26731

PATCH

title:

cve/TOTOLINK-A3002RU-boa-formDnsv6-StackOverflow at main 0xmania/cve GitHub

url:

https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RU-boa-formDnsv6-StackOverflow

Trust: 0.8

sources: JVNDB: JVNDB-2026-004485

EXTERNAL IDS

db:	NVD	id:	CVE-2026-26731	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-004485	Trust: 0.8

sources: JVNDB: JVNDB-2026-004485 // NVD: CVE-2026-26731

REFERENCES

url:	https://github.com/0xmania/cve/tree/main/totolink-a3002ru-boa-formdnsv6-stackoverflow	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-26731	Trust: 0.8

sources: JVNDB: JVNDB-2026-004485 // NVD: CVE-2026-26731

SOURCES

db:	JVNDB	id:	JVNDB-2026-004485
db:	NVD	id:	CVE-2026-26731

LAST UPDATE DATE

2026-02-24T23:50:59.255000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004485	date:	2026-02-24T07:37:00
db:	NVD	id:	CVE-2026-26731	date:	2026-02-20T13:41:08.857

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004485	date:	2026-02-24T00:00:00
db:	NVD	id:	CVE-2026-26731	date:	2026-02-17T19:21:57.383