TOTOLINK A3002RU router has a buffer overflow in IPv6 setup

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

TOTOLINK A3002RU router has a buffer overflow in IPv6 setup

CVE-2026-26736

Summary

The TOTOLINK A3002RU_V3 router's IPv6 setup feature has a security flaw that could allow hackers to potentially crash the device or execute malicious code. This affects the device's stability and security. Router administrators should update the firmware to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
totolink	a3002ru_firmware	<= 3.0.0-b20220304.1804	–

Original title

TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.

Original description

TOTOLINK A3002RU_V3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the static_ipv6 parameter in the formIpv6Setup function.

nvd CVSS3.1 8.8

Vulnerability type

CWE-787 Out-of-bounds Write

CWE-121 Stack-based Buffer Overflow

https://github.com/0xmania/cve/tree/main/TOTOLINK-A3002RUV3.0-boa-formIpv6Setup-... Exploit Third Party Advisory

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026