We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-8181

TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation



Description

EN DE

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.

Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.

Reserved 2025-07-25 | Published 2025-07-26 | Updated 2025-07-26 | Assigner VulDB


HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X
HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
HIGH: 7.2CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R
8.3AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR

Problem types

Least Privilege Violation

Incorrect Privilege Assignment

Product status

1.0.0.1
affected

1.0.0.1
affected

Timeline

2025-07-25:Advisory disclosed
2025-07-25:VulDB entry created
2025-07-25:VulDB entry last update

Credits

TPCchecker (VulDB User) reporter

References

vuldb.com/?id.317595 (VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation) vdb-entry

vuldb.com/?ctiid.317595 (VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.621966 (Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration) third-party-advisory

vuldb.com/?submit.621968 (Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)) third-party-advisory

www.notion.so/23a54a1113e780c08f3acca6a746d732 related

www.totolink.net/ product

cve.org (CVE-2025-8181)

nvd.nist.gov (CVE-2025-8181)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-8181

Support options

Helpdesk Chat, Email, Knowledgebase