CVE-2026-11494 | THREATINT

Description

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-08 | Updated 2026-06-08 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

4.0AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Least Privilege Violation

Incorrect Privilege Assignment

Product status

4.1.5cu.8611

affected

Timeline

2026-06-07:	Advisory disclosed
2026-06-07:	VulDB entry created
2026-06-07:	VulDB entry last update

Credits

L-14 (VulDB User) reporter

References

vuldb.com/vuln/369114 (VDB-369114 | TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violation) vdb-entry

vuldb.com/vuln/369114/cti (VDB-369114 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11494 (CVE-2026-11494 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/834819 (Submit #834819 | TOTOLink AC1200T8 V4.1.5cu.8611 Misconfiguration) third-party-advisory

www.notion.so/...ba989080a6aa03e6adbdd1d104?source=copy_link exploit

www.totolink.net/ product

cve.org (CVE-2026-11494)

nvd.nist.gov (CVE-2026-11494)

Download JSON