CVE-2026-11620

MEDIUM

TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

Title source: cna

Description

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory

CVE-2026-11620 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-11620

Product product

https://www.totolink.net/

Vdb Entry vdb-entry

VDB-369301 | TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

https://vuldb.com/vuln/369301

Signature, Permissions Required signature permissions-required

VDB-369301 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/369301/cti

Third Party Advisory third-party-advisory

Submit #834825 | TOTOLink EX200 V4.0.3c.7646 Misconfiguration

https://vuldb.com/submit/834825

Exploit exploit

https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 20.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-272

Status published

Products (1)

TOTOLINK/EX200 4.0.3c.7646

Published Jun 09, 2026

Tracked Since Jun 09, 2026