Details of VAR-202602-2618

ID

VAR-202602-2618

CVE

CVE-2026-26736

TITLE

TOTOLINK of A3002RU Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004483

DESCRIPTION

TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-26736 // JVNDB: JVNDB-2026-004483

AFFECTED PRODUCTS

vendor:	totolink	model:	a3002ru	scope:	lte	version:	3.0.0-b20220304.1804	Trust: 1.0
vendor:	totolink	model:	a3002ru	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	lte	version:	a3002ru firmware 3.0.0-b20220304.1804 and earlier	Trust: 0.8
vendor:	totolink	model:	a3002ru	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004483 // NVD: CVE-2026-26736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-26736
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-26736
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-26736
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-26736
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004483 // NVD: CVE-2026-26736

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004483 // NVD: CVE-2026-26736

PATCH

title:

cve/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-StackOverflow at main 0xmania/cve GitHub

url:

https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-StackOverflow

Trust: 0.8

sources: JVNDB: JVNDB-2026-004483

EXTERNAL IDS

db:	NVD	id:	CVE-2026-26736	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-004483	Trust: 0.8

sources: JVNDB: JVNDB-2026-004483 // NVD: CVE-2026-26736

REFERENCES

url:	https://github.com/0xmania/cve/tree/main/totolink-a3002ruv3.0-boa-formipv6setup-stackoverflow	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-26736	Trust: 0.8

sources: JVNDB: JVNDB-2026-004483 // NVD: CVE-2026-26736

SOURCES

db:	JVNDB	id:	JVNDB-2026-004483
db:	NVD	id:	CVE-2026-26736

LAST UPDATE DATE

2026-02-24T23:51:05.915000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004483	date:	2026-02-24T07:37:00
db:	NVD	id:	CVE-2026-26736	date:	2026-02-20T13:11:42.180

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004483	date:	2026-02-24T00:00:00
db:	NVD	id:	CVE-2026-26736	date:	2026-02-17T19:21:57.603