A3100R
Monthly
Least-privilege violation across multiple TOTOLINK SOHO router models (A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10, EX200 through firmware 20260906) stems from the /etc/boa/boa.conf configuration of the Boa web-server interface, allowing a low-privileged remote actor to gain access or information beyond their intended authorization boundary. The flaw carries CVSS 4.0 base score 7.7 with high attack complexity, and VulDB rates real-world exploitation as difficult. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Least-privilege violation across multiple TOTOLINK SOHO router models (A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10, EX200 through firmware 20260906) stems from the /etc/boa/boa.conf configuration of the Boa web-server interface, allowing a low-privileged remote actor to gain access or information beyond their intended authorization boundary. The flaw carries CVSS 4.0 base score 7.7 with high attack complexity, and VulDB rates real-world exploitation as difficult. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.