CVE-2026-6194
Published: 13 April 2026
Summary
CVE-2026-6194 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A3002MU B20211125 (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-6194 is a stack-based buffer overflow vulnerability affecting the Totolink A3002MU router on firmware version B20211125.1046. The flaw exists in the sub_410188 function of the /boafrm/formWlanSetup component within the HTTP Request Handler, where manipulation of the "wan-url" argument triggers the overflow.
Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation enables high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution. A public exploit is available, increasing the risk of attacks.
Advisories referenced in VulDB entries (vuln/357116 and related pages) document the issue and recent submission details, while a GitHub repository provides exploit specifics for the A3002MU formWlanSetup component. The Totolink vendor site (totolink.net) should be checked for any firmware updates or mitigation recommendations.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22034
Vulnerability details
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of…
more
the attack is possible. The exploit has been made available to the public and could be used for attacks.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing HTTP handler enables remote exploitation of the web application (T1190) leading to arbitrary code execution via Unix shell on the Linux-based router (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through firmware updates directly patches the stack-based buffer overflow in the Totolink A3002MU router's HTTP request handler.
Validating the 'wan-url' argument for length and format prevents the buffer overflow triggered by malformed inputs in the sub_410188 function.
Memory protections such as stack canaries, ASLR, and DEP mitigate exploitation of the stack-based buffer overflow even if invalid input reaches the vulnerable function.