TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation_CVE-2025-8181

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Description

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.

Basic Information

ID CVE-2025-8181

Source VulDB

Published Jul 26, 2025 at 07:02

Modified Jul 28, 2025 at 15:05

Affected Product

Vendor TOTOLINK

Product N600R

Version 1.0.0.1

Affected Versions TOTOLINK N600R 1.0.0.1
TOTOLINK X2000R 1.0.0.1

CWE Classification

CWE-272 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.",
    "published": "2025-07-26T07:02:07.845Z",
    "modified": "2025-07-28T15:05:51.551Z",
    "type": "cve",
    "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317595\nhttps://vuldb.com/?ctiid.317595\nhttps://vuldb.com/?submit.621966\nhttps://vuldb.com/?submit.621968\nhttps://www.notion.so/23a54a1113e780c08f3acca6a746d732\nhttps://www.totolink.net/",
    "id": "CVE-2025-8181",
    "bulletinFamily": "",
    "cwe": [
        "CWE-272",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK N600R 1.0.0.1\nTOTOLINK X2000R 1.0.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "N600R",
    "version": "1.0.0.1",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}