CVE-2026-15271 PUBLISHED

TOTOLINK EX200 Web boa.conf least privilege violation

Assigner: VulDB
Reserved: 09.07.2026 Published: 09.07.2026 Updated: 10.07.2026

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
CVSS Score: 7.7

Product Status

Vendor TOTOLINK
Product A3000RU
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product A3100R
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product A950RG
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product AC1200T10
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product CP450
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product CS185R_T10
Versions
  • Version 20260906 is affected
Vendor TOTOLINK
Product EX200
Versions
  • Version 20260906 is affected

Credits

  • L-14 (VulDB User) reporter

References

Problem Types

  • Least Privilege Violation CWE
  • Incorrect Privilege Assignment CWE