CVE-2026-15204
MEDIUMTOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
Title source: cnaDescription
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-377125 | TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
https://vuldb.com/vuln/377125
Signature, Permissions Required signature
permissions-required
VDB-377125 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377125/cti
Third Party Advisory third-party-advisory
CVE-2026-15204 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15204
Third Party Advisory third-party-advisory
Submit #852073 | TOTOLINK TOTOLINK X5000R V9.1.0cu.2415_B20250515,V9.1.0cu.2350_B20230313 Pre-authenticated OpenVPN profile
https://vuldb.com/submit/852073
Related related
https://github.com/meishigana/CVE/tree/main/totolink_x5000r_exportovpn_file_disclosure_2026-06-09
Product product
https://www.totolink.net/
Scores
CVSS v3
5.3
EPSS
0.0049
EPSS Percentile
38.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
TOTOLINK/X5000R
9.1.0cu.2350_B20230313
TOTOLINK/X5000R
9.1.0cu.2415_B20250515
Published
Jul 09, 2026
Tracked Since
Jul 09, 2026