TOTOLINK Devices Exposed to Least Privilege Violations
CVE-2026-15271

7.7HIGH

Key Information:

Vendor

Totolink

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-15271?

A vulnerability exists in the web interface of various TOTOLINK devices due to misconfiguration of the /etc/boa/boa.conf file. This security flaw may allow an attacker to exploit least privilege violations through remote access, potentially compromising sensitive configurations. The complexity of executing an attack is considered high, making exploitation challenging but not impossible. Users are encouraged to review their device settings and apply updates to mitigate potential risks.

Affected Version(s)

A3000RU 20260906

A3100R 20260906

A950RG 20260906

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

L-14 (VulDB User)
.