CVE-2026-11620

TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

CVSS 6.9 MEDIUMEPSS 0.3%CWE-266 CWE-272

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

TOTOLINK · EX200

PoCs públicas encontradas — 1

cve_referencewww.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_linkno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vuldb.com/cve/CVE-2026-11620 https://vuldb.com/submit/834825 https://vuldb.com/vuln/369301 https://vuldb.com/vuln/369301/cti https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906b?source=copy_link https://www.totolink.net/