CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

CVE-2026-11494

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

EUVD-2026-35177

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2026-11494 TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

CVE-2026-11494

CVE-2026-11494 affects TOTOLINK AC1200 T8 firmware 4.1.5cu.8611, specifically an issue in the /etc/vsftpd.conf configuration of the vsftpd component. The described vulnerability arises from manipulation of the vsftpd.conf-related function, resulting in a least privilege violation. The advisory in...

CVE-2026-11492 D-Link DIR-823G vsftpd vsftpd.conf least privilege violation

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to...

EUVD-2025-22120

Malicious code in bioql PyPI...

CVE-2025-8181

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely...

TOTOLINK N600R和TOTOLINK X2000R 安全漏洞

TOTOLINK N600R and TOTOLINK X2000R are both wireless routers from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK N600R and TOTOLINK X2000R version 1.0.0.1, which originates in the file vsftpd.conf resulting in a privilege violation...

CVE-2025-44654

In Linksys E2500 3.0.04.002, the chrootlocaluser option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

CVE-2025-44654

In Linksys E2500 3.0.04.002, the chrootlocaluser option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

CVE-2025-44657

In Linksys EA6350 V2.1.2, the chrootlocaluser option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

CVE-2025-44657

In Linksys EA6350 V2.1.2, the chrootlocaluser option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

CVE-2025-44654

In Linksys E2500 3.0.04.002, the chrootlocaluser option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

PT-2025-30293 · Totolink · Totolink A950Rg +2

Name of the Vulnerable Software and Affected Versions: TOTOLink A7100RU versions 7.4 TOTOLink A950RG versions 5.9 TOTOLink T10 versions 5.9 Description: The chroot local user option is enabled in the vsftpd.conf file. This configuration could allow unauthorized access to system files, privilege...

PT-2025-30294 · Vsftpd +1 · Vsftpd +1

Name of the Vulnerable Software and Affected Versions: Linksys EA6350 version 2.1.2 Description: The chroot local user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised...

CVE-2025-44654

CVE-2025-44654 affects Linksys E2500 ( firmware 3.0.04.002). The vulnerability stems from the vsftpd configuration’s chroot_local_user option being enabled, which could enable unauthorized access to system files, privilege escalation, or use of the compromised router as a pivot inside the network...

CVE-2025-44655

The CVE-2025-44655 entry affects TOTOLink devices (A7100RU V7.4, A950RG V5.9, T10 V5.9). The root cause is that chroot_local_user is enabled in vsftpd.conf, which can permit unauthorized access to system files, privilege escalation, or use of the compromised device as a pivot point for internal n...