CVE-2026-15271

HIGH

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the fi...

CVSS 3.17.5
CVSS v47.7
EPSS0.4%
Percentile33th
PatchUnknown
CVSS Vector — Plain English Remotely exploitable over the network, high complexity, low privileges required, no user interaction needed, impact contained to the vulnerable component, full confidentiality impact, full integrity impact, full availability impact.
CWE Weakness Definitions
CWE-266: CWE-266
CWE-272: CWE-272
◆ SAGE Intelligence — CITED Relevance Research Team

A high severity vulnerability (CVE-2026-15271) affects the target system. A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. ...

Is this CVE in your environment?

BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.

Check My Environment →
Frequently Asked Questions
What is CVE-2026-15271?
A high severity vulnerability (CVE-2026-15271) affects the target system. A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. ...
What is the CVSS score for CVE-2026-15271?
CVE-2026-15271 has CVSS 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS: 0.4%.
Is CVE-2026-15271 actively exploited?
No confirmed active exploitation of CVE-2026-15271 as of 2026-07-10.
How do I remediate CVE-2026-15271?
Apply vendor patches for CVE-2026-15271. Monitor the vendor advisories.
Vulnerability Details
CVE IDCVE-2026-15271
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Published2026-07-09
Last Modified2026-07-09
Weakness (CWE)
SourceNVD
Official Description

A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 and EX200 up to 20260906. Affected by this issue is some unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. The manipulation leads to least privilege violation. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult.

Source: NIST NVD / MITRE CVE Database

Remediation

No patch URL on record. Monitor vendor security advisories directly.

Threat Intelligence
● Threat Intelligence Validated: July 2026 | Threat Age: 2 Days
CISA KEVNot in KEV catalog
Public ExploitNot confirmed
PoC CodeNot confirmed

ICS/OT Vulnerability Intelligence for Your Environment

BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.

Join free →