Skip to main content

TOTOLINK X5000R EUVDEUVD-2026-42660

| CVE-2026-15204 MEDIUM
Path Traversal (CWE-22)
2026-07-09 cna@vuldb.com GHSA-c6wm-vgr9-6gqx
5.5
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable unauthenticated read-only path traversal; no integrity or availability impact, unchanged scope, low confidentiality bounded to filesystem reads.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 18:48 vuln.today

DescriptionCVE.org

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.

AnalysisAI

Path traversal in the TOTOLINK X5000R router's OpenVPN Export CGI handler exposes arbitrary router filesystem files to remote unauthenticated attackers. The exportOvpn function within /web/cgi-bin/cstecgi.cgi fails to sanitize user-controlled path input, allowing directory traversal sequences to escape the intended export directory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify router web interface on LAN/WAN
Delivery
Send unauthenticated HTTP request to cstecgi.cgi exportOvpn
Exploit
Inject path traversal sequences into filename parameter
Execution
Bypass directory restriction in CGI handler
Persist
Read arbitrary file from router filesystem
Impact
Exfiltrate credentials or keys

Vulnerability AssessmentAI

Exploitation The OpenVPN Export feature of the router's web management interface must be accessible to the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.5 reflects bounded confidentiality impact (VC:L) with no integrity or availability consequences, aligning with a read-only path traversal. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the same network as the router - or remotely if WAN management is enabled - sends a crafted HTTP request to `/web/cgi-bin/cstecgi.cgi` invoking the `exportOvpn` action with a path parameter containing directory traversal sequences (e.g., `../../../../etc/passwd`). The CGI handler resolves the manipulated path and returns the file contents in the HTTP response without authentication. …
Remediation No vendor-released patch version is identified in the available data; TOTOLINK's website (https://www.totolink.net/) should be checked for updated firmware releases addressing CVE-2026-15204. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42660 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy