0Xmania

#6229of 53,630
43.7Total CVSS
Vulnerabilities · 5
High
4
Critical
1
PT-2026-35922
7.5
2026-04-29
Totolink · A3002Ru V3 · CVE-2026-36837
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804 **Description** A stack-based buffer overflow exists in the `formMapDelDevice()` function. This issue occurs via the `hostname` parameter. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** Update to a version newer than V3.0.0-B20220304.1804. As a temporary workaround, restrict access to the `formMapDelDevice()` function to minimize the risk of exploitation.
PT-2026-35923
9.8
2026-04-29
Totolink · N200Re V5 · CVE-2026-36841
**Name of the Vulnerable Software and Affected Versions** TOTOLINK N200RE V5 **Description** Command injection is possible through the `macstr` and `bandstr` parameters within the `formMapDelDevice()` function. Command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-20357
8.8
2026-02-17
Totolink · Totolink A3002Ru · CVE-2026-26731
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU version 2.1.1-B20211108.1455 **Description** A stack-based buffer overflow exists due to the `routernamer` parameter within the `formDnsv6` function. The issue is present in TOTOLINK A3002RU version 2.1.1-B20211108.1455. The vulnerable parameter is `routernamer`. **Recommendations** Update TOTOLINK A3002RU to a version newer than 2.1.1-B20211108.1455. As a temporary workaround, restrict or disable the use of the `formDnsv6` function.
PT-2026-20358
8.8
2026-02-17
Totolink · Totolink A3002Ru · CVE-2026-26732
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU version 2.1.1-B20211108.1455 **Description** The TOTOLINK A3002RU router firmware contains a stack-based buffer overflow. The issue is located in the `formFilter` function and is triggered through the `vpnUser` and `vpnPassword` parameters. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using the `vpnUser` and `vpnPassword` parameters.
PT-2026-20359
8.8
2026-02-17
Totolink · Totolink A3002Ru V3 · CVE-2026-26736
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3002RU V3 version 3.0.0-B20220304.1804 **Description** The TOTOLINK A3002RU V3 router firmware contains a stack-based buffer overflow. The issue is located in the `formIpv6Setup` function through the `static ipv6` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.