Path Traversal Vulnerability in TOTOLINK X5000R OpenVPN Export Feature
CVE-2026-15204
6.9MEDIUM
What is CVE-2026-15204?
A path traversal vulnerability exists in the TOTOLINK X5000R routers, specifically within the OpenVPN Export functionality of the cstecgi.cgi component. This flaw allows remote attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files on the server. The issue arises from improper validation of user input, which could be exploited without authentication, making it critical for administrators to take immediate action to secure their devices.
Affected Version(s)
X5000R 9.1.0cu.2350_B20230313
X5000R 9.1.0cu.2415_B20250515
