Path Traversal Vulnerability in TOTOLINK X5000R OpenVPN Export Feature
CVE-2026-15204

6.9MEDIUM

Key Information:

Vendor

Totolink

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-15204?

A path traversal vulnerability exists in the TOTOLINK X5000R routers, specifically within the OpenVPN Export functionality of the cstecgi.cgi component. This flaw allows remote attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files on the server. The issue arises from improper validation of user input, which could be exploited without authentication, making it critical for administrators to take immediate action to secure their devices.

Affected Version(s)

X5000R 9.1.0cu.2350_B20230313

X5000R 9.1.0cu.2415_B20250515

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

fuhanhan2014 (VulDB User)
.