๐Ÿ” CVE Alert

CVE-2026-15204

MEDIUM 5.3

TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal

CVSS Score
5.3
EPSS Score
0.5%
EPSS Percentile
39th

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.

CWE CWE-22
Vendor totolink
Product x5000r
Published Jul 9, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for totolink x5000r

Be the first to know when new medium vulnerabilities affecting totolink x5000r are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

TOTOLINK / X5000R
9.1.0cu.2350_B20230313 9.1.0cu.2415_B20250515

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377125 vuldb.com: https://vuldb.com/vuln/377125/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15204 vuldb.com: https://vuldb.com/submit/852073 github.com: https://github.com/meishigana/CVE/tree/main/totolink_x5000r_exportovpn_file_disclosure_2026-06-09 totolink.net: https://www.totolink.net/

Credits

๐Ÿ” fuhanhan2014 (VulDB User)