Description
A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.
Published: 2026-07-09
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Totolink x5000r
Vendors & Products Totolink x5000r

Thu, 09 Jul 2026 18:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.
Title TOTOLINK X5000R OpenVPN Export cstecgi.cgi exportOvpn path traversal
First Time appeared Totolink
Totolink x5000r Firmware
Weaknesses CWE-22
CPEs cpe:2.3:o:totolink:x5000r_firmware:*:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink x5000r Firmware
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Totolink X5000r X5000r Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-09T17:45:10.075Z

Reserved: 2026-07-09T06:54:25.124Z

Link: CVE-2026-15204

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T19:30:17Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')