High severity · 8.8 · NVD Advisory · Published Apr 13, 2026 · Updated Apr 22, 2026
CVE-2026-6194
Description
A weakness has been identified in Totolink A3002MU B20211125.1046. The affected code is the function sub_410188 of the file /boafrm/formWlanSetup in the HTTP Request Handler component. Manipulating the argument wan-url causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Patches
No patches discovered yet.
References (5)
News mentions (50)
- Weaver E-cology critical bug exploited in attacks since March · BleepingComputer · May 4, 2026
- TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th) · SANS Internet Storm Center · May 4, 2026
- Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) · Help Net Security · May 4, 2026
- Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940) · Help Net Security · May 4, 2026
- Progress warns of critical MOVEit Automation auth bypass flaw · BleepingComputer · May 4, 2026
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems · BleepingComputer · May 4, 2026
- Exploitation of ‘Copy Fail’ Linux Vulnerability Begins · SecurityWeek · May 4, 2026
- Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching · Help Net Security · May 4, 2026
- Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks · The Hacker News · May 4, 2026
- Wireshark 4.6.5 Released, (Sun, May 3rd) · SANS Internet Storm Center · May 3, 2026
- Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months · Help Net Security · May 3, 2026
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV · The Hacker News · May 3, 2026
- In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability · SecurityWeek · May 1, 2026
- Great responsibility, without great power · Cisco Talos Intelligence · Apr 30, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 20, 2026 to April 26, 2026) · Wordfence Blog · Apr 30, 2026
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs · Krebs on Security · Apr 30, 2026
- cPanel zero-day exploited for months before patch release (CVE-2026-41940) · Help Net Security · Apr 30, 2026
- Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) · Help Net Security · Apr 30, 2026
- New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions · The Hacker News · Apr 30, 2026
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution · The Hacker News · Apr 30, 2026
- Danger of Libredtail [Guest Diary], (Wed, Apr 29th) · SANS Internet Storm Center · Apr 30, 2026
- AI-powered honeypots: Turning the tables on malicious AI agents · Cisco Talos Intelligence · Apr 29, 2026
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately · The Hacker News · Apr 29, 2026
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV · The Hacker News · Apr 29, 2026
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure · The Hacker News · Apr 29, 2026
- Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push · The Hacker News · Apr 28, 2026
- Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE · The Hacker News · Apr 28, 2026
- What Anthropic’s Mythos Means for the Future of Cybersecurity · Schneier on Security · Apr 28, 2026
- After Mythos: New Playbooks For a Zero-Window Era · The Hacker News · Apr 28, 2026
- Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 · The Hacker News · Apr 28, 2026
- Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side · The Hacker News · Apr 27, 2026
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline · The Hacker News · Apr 25, 2026
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure · The Hacker News · Apr 24, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026) · Wordfence Blog · Apr 23, 2026
- [Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed · The Hacker News · Apr 23, 2026
- FBI Extracts Deleted Signal Messages from iPhone Notification Database · Schneier on Security · Apr 23, 2026
- IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist · Cisco Talos Intelligence · Apr 22, 2026
- Foxit, LibRaw vulnerabilities · Cisco Talos Intelligence · Apr 16, 2026
- The Q1 vulnerability pulse · Cisco Talos Intelligence · Apr 16, 2026
- Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin · Wordfence Blog · Apr 16, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026) · Wordfence Blog · Apr 16, 2026
- Patch Tuesday, April 2026 Edition · Krebs on Security · Apr 14, 2026
- Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities · Cisco Talos Intelligence · Apr 14, 2026
- Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin · Wordfence Blog · Apr 13, 2026
- The Increasing Role of AI in Vulnerability Research · Wordfence Blog · Apr 10, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026) · Wordfence Blog · Apr 9, 2026
- 50,000 WordPress Sites affected by Arbitrary File Upload Vulnerability in Ninja Forms – File Upload WordPress Plugin · Wordfence Blog · Apr 6, 2026
- 200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin · Wordfence Blog · Apr 2, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026) · Wordfence Blog · Apr 2, 2026
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran · Krebs on Security · Mar 23, 2026