CVE-2025-8181
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
Summary
A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TOTOLINK | N600R | 1.0.0.1 | affected |
| TOTOLINK | X2000R | 1.0.0.1 | affected |
Weaknesses
- CWE-272: Least Privilege Violation
- CWE-266: Incorrect Privilege Assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.317595
- https://vuldb.com/?ctiid.317595
- https://vuldb.com/?submit.621966
- https://vuldb.com/?submit.621968
- https://www.notion.so/23a54a1113e780c08f3acca6a746d732
- https://www.totolink.net/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.