CVE-2026-15204 PUBLISHED

TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal

Assigner: VulDB
Reserved: 09.07.2026 Published: 09.07.2026 Updated: 09.07.2026

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Product Status

Vendor TOTOLINK
Product X5000R
Versions
  • Version 9.1.0cu.2350_B20230313 is affected
  • Version 9.1.0cu.2415_B20250515 is affected

Credits

  • fuhanhan2014 (VulDB User) reporter

References

Problem Types

  • Path Traversal CWE