Home

Description

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.

PUBLISHED Reserved 2026-07-09 | Published 2026-07-09 | Updated 2026-07-10 | Assigner VulDB




HIGH: 7.7CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
HIGH: 7.5CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
7.1AV:N/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR

Problem types

Least Privilege Violation

Incorrect Privilege Assignment

Product status

20260906
affected

20260906
affected

20260906
affected

20260906
affected

20260906
affected

20260906
affected

20260906
affected

Timeline

2026-07-09:Advisory disclosed
2026-07-09:VulDB entry created
2026-07-09:VulDB entry last update

Credits

L-14 (VulDB User) reporter

References

vuldb.com/vuln/377214 (VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation) vdb-entry

vuldb.com/vuln/377214/cti (VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-15271 (CVE-2026-15271 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/852316 (Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU) third-party-advisory

vuldb.com/submit/852317 (Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)) third-party-advisory

vuldb.com/submit/852318 (Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)) third-party-advisory

vuldb.com/submit/852319 (Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)) third-party-advisory

vuldb.com/submit/852320 (Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)) third-party-advisory

vuldb.com/submit/852321 (Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)) third-party-advisory

vuldb.com/submit/852323 (Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)) third-party-advisory

app.notion.com/...a989080d38bb6ca58b2a98c64?source=copy_link related

www.totolink.net/ product

cve.org (CVE-2026-15271)

nvd.nist.gov (CVE-2026-15271)

Download JSON