CVE-2026-15204
TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
CVSS Score
5.3
EPSS Score
0.5%
EPSS Percentile
39th
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.
| CWE | CWE-22 |
| Vendor | totolink |
| Product | x5000r |
| Published | Jul 9, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for totolink x5000r
Be the first to know when new medium vulnerabilities affecting totolink x5000r are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
TOTOLINK / X5000R
9.1.0cu.2350_B20230313 9.1.0cu.2415_B20250515
References
vuldb.com: https://vuldb.com/vuln/377125 vuldb.com: https://vuldb.com/vuln/377125/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15204 vuldb.com: https://vuldb.com/submit/852073 github.com: https://github.com/meishigana/CVE/tree/main/totolink_x5000r_exportovpn_file_disclosure_2026-06-09 totolink.net: https://www.totolink.net/
Credits
๐ fuhanhan2014 (VulDB User)