CVE-2026-15271
HIGHTOTOLINK EX200 Web boa.conf least privilege violation
Title source: cnaDescription
A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.
References (12)
Core 12
Core References
Product product
https://www.totolink.net/
Vdb Entry vdb-entry
VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation
https://vuldb.com/vuln/377214
Signature, Permissions Required signature
permissions-required
VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377214/cti
Third Party Advisory third-party-advisory
CVE-2026-15271 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15271
Third Party Advisory third-party-advisory
Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU
https://vuldb.com/submit/852316
Third Party Advisory third-party-advisory
Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)
https://vuldb.com/submit/852317
Third Party Advisory third-party-advisory
Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)
https://vuldb.com/submit/852318
Third Party Advisory third-party-advisory
Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)
https://vuldb.com/submit/852319
Third Party Advisory third-party-advisory
Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)
https://vuldb.com/submit/852320
Third Party Advisory third-party-advisory
Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)
https://vuldb.com/submit/852321
Third Party Advisory third-party-advisory
Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)
https://vuldb.com/submit/852323
Scores
CVSS v3
7.5
EPSS
0.0041
EPSS Percentile
32.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-266
CWE-272
Status
published
Products (7)
TOTOLINK/A3000RU
20260906
TOTOLINK/A3100R
20260906
TOTOLINK/A950RG
20260906
TOTOLINK/AC1200T10
20260906
TOTOLINK/CP450
20260906
TOTOLINK/CS185R_T10
20260906
TOTOLINK/EX200
20260906
Published
Jul 09, 2026
Tracked Since
Jul 10, 2026