CVE-2026-15271

HIGH

TOTOLINK EX200 Web boa.conf least privilege violation

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.

References (12)

Core 12
Core References
Product product
https://www.totolink.net/
Vdb Entry vdb-entry
VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation
https://vuldb.com/vuln/377214
Signature, Permissions Required signature permissions-required
VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377214/cti
Third Party Advisory third-party-advisory
CVE-2026-15271 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15271
Third Party Advisory third-party-advisory
Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU
https://vuldb.com/submit/852316
Third Party Advisory third-party-advisory
Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)
https://vuldb.com/submit/852317
Third Party Advisory third-party-advisory
Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)
https://vuldb.com/submit/852318
Third Party Advisory third-party-advisory
Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)
https://vuldb.com/submit/852319
Third Party Advisory third-party-advisory
Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)
https://vuldb.com/submit/852320
Third Party Advisory third-party-advisory
Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)
https://vuldb.com/submit/852321
Third Party Advisory third-party-advisory
Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)
https://vuldb.com/submit/852323

Scores

CVSS v3 7.5
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-266 CWE-272
Status published
Products (7)
TOTOLINK/A3000RU 20260906
TOTOLINK/A3100R 20260906
TOTOLINK/A950RG 20260906
TOTOLINK/AC1200T10 20260906
TOTOLINK/CP450 20260906
TOTOLINK/CS185R_T10 20260906
TOTOLINK/EX200 20260906
Published Jul 09, 2026
Tracked Since Jul 10, 2026