CVE Details
Basic Information
| Title | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation |
|---|---|
| Type | cve |
| Published | 2025-07-26T07:02:07.845Z |
| Modified | 2025-07-26T07:02:07.845Z |
Product Information
| Vendor | TOTOLINK |
|---|---|
| Product | N600R |
| Version | 1.0.0.1 |
CVSS Information
| Base Score | 8.6 (HIGH) |
|---|---|
| CVSS Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X |
AI Analysis
| AI Description | A critical vulnerability in TOTOLINK N600R and X2000R routers (version 1.0.0.1) allows remote attackers to bypass privilege restrictions in the FTP service configuration, potentially leading to unauthorized access. |
|---|---|
| AI Severity | High |
| AI Vendor | TOTOLINK |
| AI Product | TOTOLINK N600R, TOTOLINK X2000R |
| AI Version | 1.0.0.1 |
Affected Products
- TOTOLINK N600R 1.0.0.1
- TOTOLINK X2000R 1.0.0.1
Additional Information
| CWE List | CWE-272, CWE-266 |
|---|---|
| Source | VulDB |
Description
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.