PT-2026-35922 · Totolink · A3002Ru V3

0Xmania

Published

2026-04-29

Updated

2026-04-30

CVE-2026-36837

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TOTOLINK A3002RU V3 versions prior to V3.0.0-B20220304.1804

Description A stack-based buffer overflow exists in the formMapDelDevice() function. This issue occurs via the hostname parameter. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution.

Recommendations Update to a version newer than V3.0.0-B20220304.1804. As a temporary workaround, restrict access to the formMapDelDevice() function to minimize the risk of exploitation.

Exploit

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

CVE-2026-36837

Affected Products

A3002Ru V3

PT-2026-35922 · Totolink · A3002Ru V3

CVE-2026-36837

Weakness Enumeration

Related Identifiers

Affected Products

References · 4