CVE-2026-15271

Summary

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.

Affected Software

VendorProductVersion RangeStatus
TOTOLINKA3000RU20260906affected
TOTOLINKA3100R20260906affected
TOTOLINKA950RG20260906affected
TOTOLINKAC1200T1020260906affected
TOTOLINKCP45020260906affected
TOTOLINKCS185R_T1020260906affected
TOTOLINKEX20020260906affected

Weaknesses

  • CWE-272: Least Privilege Violation
  • CWE-266: Incorrect Privilege Assignment

References