TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation_CVE-2026-11554

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2026-11554

Source VulDB

Published Jun 8, 2026 at 17:30

Affected Product

Vendor TOTOLINK

Product CP450

Version 4.1.0cu.747

Affected Versions TOTOLINK CP450 4.1.0cu.747

CWE Classification

CWE-272 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2026-06-08T17:30:11.745Z",
    "modified": "2026-06-08T17:30:11.745Z",
    "type": "cve",
    "title": "TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369164\nhttps://vuldb.com/vuln/369164/cti\nhttps://vuldb.com/cve/CVE-2026-11554\nhttps://vuldb.com/submit/834821\nhttps://www.notion.so/TOTOLink-CP450-V4-1-0cu-747-3671f5ba989080c3b39ac3984d2ff44d?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-11554",
    "bulletinFamily": "",
    "cwe": [
        "CWE-272",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK CP450 4.1.0cu.747",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CP450",
    "version": "4.1.0cu.747",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}