CVE-2026-11620 | THREATINT

Description

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-09 | Updated 2026-06-09 | Assigner VulDB

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

5.0AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Least Privilege Violation

Incorrect Privilege Assignment

Product status

4.0.3c.7646

affected

Timeline

2026-06-08:	Advisory disclosed
2026-06-08:	VulDB entry created
2026-06-08:	VulDB entry last update

Credits

L-14 (VulDB User) reporter

References

vuldb.com/vuln/369301 (VDB-369301 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation) vdb-entry

vuldb.com/vuln/369301/cti (VDB-369301 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11620 (CVE-2026-11620 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/834825 (Submit #834825 | TOTOLink EX200 V4.0.3c.7646 Misconfiguration) third-party-advisory

www.notion.so/...ba989080ccaa41d9f76fb1906b?source=copy_link exploit

www.totolink.net/ product

cve.org (CVE-2026-11620)

nvd.nist.gov (CVE-2026-11620)

Download JSON