PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15204 TOTOLINK CVE debrief

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely. This vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity.

Vendor
TOTOLINK
Product
X5000R
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-14
Advisory published
2026-07-09
Advisory updated
2026-07-14

Who should care

Users of TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313 should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes applying the latest patches or updates from the vendor, limiting access to the /web/cgi-bin/cstecgi.cgi file and the OpenVPN Export component, and monitoring network traffic and system logs for suspicious activity.

Technical summary

The vulnerability is caused by a path traversal issue in the exportOvpn function of the /web/cgi-bin/cstecgi.cgi file in the OpenVPN Export component of TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. This allows remote attackers to manipulate the file path and potentially access sensitive information. The vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity. Users of TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313 should verify the affected scope and take necessary actions to mitigate the risk, including applying patches or updates from the vendor, limiting access to the /web/cgi-bin/cstecgi.cgi file and the OpenVPN Export component, and monitoring network traffic and system logs for suspicious activity.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it has a CVSS score of 5.5 and is classified as MEDIUM severity.

Recommended defensive actions

  • Apply the latest patches or updates from the vendor to fix the vulnerability.
  • Limit access to the /web/cgi-bin/cstecgi.cgi file and the OpenVPN Export component.
  • Monitor network traffic and system logs for suspicious activity.
  • Consider implementing additional security controls, such as web application firewalls or intrusion detection systems.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-09T18:16:51.647Z and has not been modified since. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The OpenVPN Export component of TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313 is affected by a path traversal vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T18:16:51.647Z and has not been modified since.