TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation_CVE-2026-11620

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-11620

Source VulDB

Published Jun 9, 2026 at 02:45

Affected Product

Vendor TOTOLINK

Product EX200

Version 4.0.3c.7646

Affected Versions TOTOLINK EX200 4.0.3c.7646

CWE Classification

CWE-272 CWE-266

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-06-09T02:45:10.490Z",
    "modified": "2026-06-09T02:45:10.490Z",
    "type": "cve",
    "title": "TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369301\nhttps://vuldb.com/vuln/369301/cti\nhttps://vuldb.com/cve/CVE-2026-11620\nhttps://vuldb.com/submit/834825\nhttps://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link\nhttps://www.totolink.net/",
    "id": "CVE-2026-11620",
    "bulletinFamily": "",
    "cwe": [
        "CWE-272",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "TOTOLINK EX200 4.0.3c.7646",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EX200",
    "version": "4.0.3c.7646",
    "vendor": "TOTOLINK",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}