Cyber Resilience

CVE-2026-6194

High

Published: 13 April 2026

Published
13 April 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0047 37.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-6194 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink A3002MU B20211125 (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-6194 is a stack-based buffer overflow vulnerability affecting the Totolink A3002MU router on firmware version B20211125.1046. The flaw exists in the sub_410188 function of the /boafrm/formWlanSetup component within the HTTP Request Handler, where manipulation of the "wan-url" argument triggers the overflow.

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required, as indicated by its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Exploitation enables high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution. A public exploit is available, increasing the risk of attacks.

Advisories referenced in VulDB entries (vuln/357116 and related pages) document the issue and recent submission details, while a GitHub repository provides exploit specifics for the A3002MU formWlanSetup component. The Totolink vendor site (totolink.net) should be checked for any firmware updates or mitigation recommendations.

EU & UK References

Vulnerability details

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of…

more

the attack is possible. The exploit has been made available to the public and could be used for attacks.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Buffer overflow in public-facing HTTP handler enables remote exploitation of the web application (T1190) leading to arbitrary code execution via Unix shell on the Linux-based router (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2566Shared CWE-119, CWE-121
CVE-2026-3732Shared CWE-119, CWE-121
CVE-2026-3768Shared CWE-119, CWE-121
CVE-2026-5687Shared CWE-119, CWE-121
CVE-2026-5830Shared CWE-119, CWE-121
CVE-2026-6015Shared CWE-119, CWE-121
CVE-2026-6199Shared CWE-119, CWE-121
CVE-2026-5349Shared CWE-119, CWE-121
CVE-2026-6121Shared CWE-119, CWE-121
CVE-2026-3976Shared CWE-119, CWE-121

Affected Assets

Totolink
A3002MU B20211125
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through firmware updates directly patches the stack-based buffer overflow in the Totolink A3002MU router's HTTP request handler.

prevent

Validating the 'wan-url' argument for length and format prevents the buffer overflow triggered by malformed inputs in the sub_410188 function.

prevent

Memory protections such as stack canaries, ASLR, and DEP mitigate exploitation of the stack-based buffer overflow even if invalid input reaches the vulnerable function.

References