Critical Vulnerability Information Affected Product Brand: TOTOLINK Product: A3002R Version: V4.0.0-B20230511.1404 Vulnerability Description A buffer overflow vulnerability has been discovered in the firmware version V4.0.0-B20230511.1404 of TOTOLINK A3002R. The vulnerability stems from improper input validation of the parameter in the formOpt6s form of the bea interface. Default Credentials Username: admin Password: admin Vulnerability Analysis The critical vulnerable code is located in the function . Analysis using Ghidra reveals: retrieves POST parameters. is used without length checking, leading to a buffer overflow. To trigger the vulnerability, the following conditions must be met: Parameter (enables function call). (enables parameter processing). followed by malicious payload (to overflow the buffer). Exploitation Requirements The attacker must send a POST request containing the above parameters. Proof of Concept (PoC) Example exploit request: After sending the request, the process will crash.