Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for CS185R_T10 by TOTOLINK

    CVE-2026-15271 (GCVE-0-2026-15271)

    Vulnerability from nvd – Published: 2026-07-09 21:30 – Updated: 2026-07-09 21:30
    VLAI
    Title
    TOTOLINK EX200 Web boa.conf least privilege violation
    Summary
    A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    TOTOLINK A3000RU Affected: 20260906
        cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK A3100R Affected: 20260906
        cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK A950RG Affected: 20260906
        cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK AC1200T10 Affected: 20260906
        cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK CP450 Affected: 20260906
        cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK CS185R_T10 Affected: 20260906
        cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK EX200 Affected: 20260906
        cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A3000RU",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A3100R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A950RG",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "AC1200T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "CP450",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "CS185R_T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "EX200",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation is known to be difficult."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.1,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:30:10.629Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377214"
            },
            {
              "name": "VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377214/cti"
            },
            {
              "name": "CVE-2026-15271 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15271"
            },
            {
              "name": "Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852316"
            },
            {
              "name": "Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852317"
            },
            {
              "name": "Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852318"
            },
            {
              "name": "Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852319"
            },
            {
              "name": "Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852320"
            },
            {
              "name": "Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852321"
            },
            {
              "name": "Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852323"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T16:58:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX200 Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15271",
        "datePublished": "2026-07-09T21:30:10.629Z",
        "dateReserved": "2026-07-09T14:50:16.412Z",
        "dateUpdated": "2026-07-09T21:30:10.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15271 (GCVE-0-2026-15271)

    Vulnerability from cvelistv5 – Published: 2026-07-09 21:30 – Updated: 2026-07-09 21:30
    VLAI
    Title
    TOTOLINK EX200 Web boa.conf least privilege violation
    Summary
    A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.
    CWE
    • CWE-272 - Least Privilege Violation
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    TOTOLINK A3000RU Affected: 20260906
        cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK A3100R Affected: 20260906
        cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK A950RG Affected: 20260906
        cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK AC1200T10 Affected: 20260906
        cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK CP450 Affected: 20260906
        cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK CS185R_T10 Affected: 20260906
        cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*
    Create a notification for this product.
    TOTOLINK EX200 Affected: 20260906
        cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    L-14 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:totolink:a3000ru:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A3000RU",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:a3100r:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A3100R",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:a950rg:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "A950RG",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:ac1200t10:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "AC1200T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:cp450:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "CP450",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:cs185r_t10:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "CS185R_T10",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:totolink:ex200:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Web Interface"
              ],
              "product": "EX200",
              "vendor": "TOTOLINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "20260906"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "L-14 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitation is known to be difficult."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.1,
                "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-272",
                  "description": "Least Privilege Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T21:30:10.629Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377214 | TOTOLINK EX200 Web boa.conf least privilege violation",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377214"
            },
            {
              "name": "VDB-377214 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377214/cti"
            },
            {
              "name": "CVE-2026-15271 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15271"
            },
            {
              "name": "Submit #852316 | TOTOLink A3000RU A3000RU V5.9c.5185 Misconfiguration in A3000RU",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852316"
            },
            {
              "name": "Submit #852317 | TOTOLink A3100R A3100R V4.1.2cu.5050 Misconfiguration in A3100R (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852317"
            },
            {
              "name": "Submit #852318 | TOTOLink AC1200T10 V2 AC1200T10 V2 V4.1.8cu.5207 Misconfiguration in AC1200T10 V2 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852318"
            },
            {
              "name": "Submit #852319 | TOTOLink CP450 CP450 V4.1.0cu.747 Misconfiguration in CP450 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852319"
            },
            {
              "name": "Submit #852320 | TOTOLink CS185R_T10 CS185R_T10 V5.9c.1485 Misconfiguration in CS185R_T10 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852320"
            },
            {
              "name": "Submit #852321 | TOTOLink EX200 EX200 V4.0.3c.7646 Misconfiguration in EX200 (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852321"
            },
            {
              "name": "Submit #852323 | TOTOLink A950RG A950RG V5.9c.4592 Misconfiguration in A950RG (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/852323"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://app.notion.com/p/A3000RU-V5-9c-5185-37a1f5ba989080d38bb6ca58b2a98c64?source=copy_link"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.totolink.net/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T16:58:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "TOTOLINK EX200 Web boa.conf least privilege violation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15271",
        "datePublished": "2026-07-09T21:30:10.629Z",
        "dateReserved": "2026-07-09T14:50:16.412Z",
        "dateUpdated": "2026-07-09T21:30:10.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }