CVE-2026-15204

MEDIUM

TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal

Title source: cna
STIX 2.1

Description

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.

References (6)

Core 6
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-377125 | TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
https://vuldb.com/vuln/377125
Signature, Permissions Required signature permissions-required
VDB-377125 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377125/cti
Third Party Advisory third-party-advisory
CVE-2026-15204 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15204
Third Party Advisory third-party-advisory
Submit #852073 | TOTOLINK TOTOLINK X5000R V9.1.0cu.2415_B20250515,V9.1.0cu.2350_B20230313 Pre-authenticated OpenVPN profile
https://vuldb.com/submit/852073
Product product
https://www.totolink.net/

Scores

CVSS v3 5.3
EPSS 0.0049
EPSS Percentile 38.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
TOTOLINK/X5000R 9.1.0cu.2350_B20230313
TOTOLINK/X5000R 9.1.0cu.2415_B20250515
Published Jul 09, 2026
Tracked Since Jul 09, 2026