CVE-2026-15204 in X5000Rinfo

Summary

by MITRE • 07/09/2026

A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. Affected by this vulnerability is the function exportOvpn of the file /web/cgi-bin/cstecgi.cgi of the component OpenVPN Export. The manipulation results in path traversal. The attack may be launched remotely.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/09/2026

This vulnerability affects the TOTOLINK X5000R router firmware versions 9.1.0cu.2415_B20250515 and 9.1.0cu.2350_B20230313 where a path traversal flaw exists in the OpenVPN Export functionality. The vulnerability is located within the exportOvpn function of the /web/cgi-bin/cstecgi.cgi file, which allows unauthorized remote access to sensitive system files through improper input validation. This type of vulnerability falls under CWE-22 Path Traversal and represents a critical security weakness that can enable attackers to access arbitrary files on the device's filesystem.

The technical implementation of this flaw occurs when the exportOvpn function fails to properly sanitize user-supplied input parameters before using them in file system operations. Attackers can exploit this by crafting malicious requests that manipulate path traversal sequences such as ../ or ..\ to navigate outside the intended directory boundaries and access protected configuration files, system logs, or other sensitive data. The remote attack vector means that an unauthenticated attacker can potentially exploit this vulnerability from outside the network without requiring physical access or prior authentication.

The operational impact of this vulnerability is severe as it allows attackers to extract confidential information from the router's internal storage. This includes but is not limited to OpenVPN configuration files that may contain encryption keys, user credentials, and network topology information. The exposure of such data can lead to further attacks including unauthorized network access, man-in-the-middle attacks, or complete compromise of the device's administrative functions. The vulnerability also enables potential privilege escalation scenarios where attackers might gain deeper system access through the extraction of sensitive configuration files.

Mitigation strategies for this vulnerability should include immediate firmware updates from TOTOLINK to address the path traversal flaw in the OpenVPN Export component. Network administrators should implement strict firewall rules to restrict access to the affected CGI interface and consider disabling unnecessary services such as OpenVPN export functionality if not required. Additionally, monitoring network traffic for suspicious path traversal attempts and implementing input validation measures can help detect and prevent exploitation attempts. Organizations should also conduct regular security assessments of their network infrastructure to identify similar vulnerabilities in other network devices and apply the principle of least privilege to limit access to critical system functions.

This vulnerability aligns with attack techniques described in the MITRE ATT&CK framework under T1213 Data from Information Repositories and T1566 Phishing, as attackers may use the extracted information to launch further attacks or create more sophisticated social engineering campaigns. The weakness demonstrates how inadequate input validation in web applications can lead to critical privilege escalation scenarios and represents a common pattern seen in embedded device security vulnerabilities that require proper sanitization of user inputs before file system operations are performed.

Responsible

VulDB

Disclosure

07/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!