Totolink A3002MU B20211125.1046 Router Faces High-Severity RCE
The National Vulnerability Database has disclosed a critical vulnerability, CVE-2026-6194, impacting the Totolink A3002MU B20211125.1046 router. This isn’t just a minor glitch; we’re talking about a stack-based buffer overflow stemming from improper handling of the wan-url argument within the sub_410188 function of the /boafrm/formWlanSetup component’s HTTP Request Handler.
What makes this particularly nasty is its remote exploitability. A threat actor doesn’t need physical access to the device; they can trigger this vulnerability over the network. With a CVSS score of 8.8 (HIGH), this flaw opens the door for significant compromise, potentially leading to full device control. The National Vulnerability Database also notes that an exploit has already been made public, meaning this isn’t some theoretical threat – it’s actively weaponizable.
Related ATT&CK Techniques
🛡️ Detection Rules
5 rules · 5 SIEM formats5 auto-generated detection rules for this incident, mapped to MITRE ATT&CK. Available in Sigma, Splunk SPL, Sentinel KQL, Elastic Lucene, and QRadar AQL.
Web Application Exploitation Attempt — CVE-2026-6194
Get this rule in your SIEM's native format — copy, paste, detect. No manual conversion.
5 Sigma rules mapped to the ATT&CK techniques from this breach — pick your SIEM and get a ready-to-paste query.
Get Detection Rules →Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6194 | Buffer Overflow | Totolink A3002MU B20211125.1046 |
| CVE-2026-6194 | Buffer Overflow | CWE-121: Stack-based Buffer Overflow |
| CVE-2026-6194 | Buffer Overflow | Vulnerable function: sub_410188 in /boafrm/formWlanSetup |
| CVE-2026-6194 | Buffer Overflow | Vulnerable component: HTTP Request Handler |
| CVE-2026-6194 | Buffer Overflow | Vulnerable argument: wan-url |
Related Posts
Critical RCE Flaw Hits NuGet Gallery Backend
CVE-2026-39399 — NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within...
BoidCMS LFI to RCE: A Critical Template Flaw
CVE-2026-39387 — BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are...
Nanobot AI: WebSocket Hijack Puts WhatsApp Sessions at Risk
CVE-2026-35589 — nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server...