Back to VulnFeed / CVE-2026-11620
root@hackertop:~/vulnfeed/CVE-2026-11620#
CVE-2026-11620 MEDIUM CVE ⚠ Unpatched · Zero-day◉ PoC 公开 Lifecycle 4/7

TOTOLINK EX200 4.0.3c.7646 vsftpd /etc/vsftpd.conf least privilege violation

EX200 4.0.3c.7646 26d ago Impact pending confirmation
LIFECYCLE
4.8 CVSS
Vulnerability Detail Mitigation Lifecycle CVSS Assessment
Vulnerability Description
A vulnerability has been found in TOTOLINK EX200 4.0.3c.7646 and classified as critical. Affected by this vulnerability is some unknown functionality of the file /etc/vsftpd.conf of the component vsftpd. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Root Cause Analysis
The CWE definition for the vulnerability is CWE-272. The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Impact: As an impact it is known to affect integrity.

Exploit: It is possible to download the exploit at notion.so. It is declared as proof-of-concept.

Countermeasure: There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Validation (PoC/EXP) - Looking for Contributors
No public PoC yet

Public validation traces already exist. Community contributors can extend them with richer reproduction content.

Contribute Your PoC/EXP
Log in to contribute PoC/EXP content. Log in
Back to VulnFeed
CVE-2026-11620 · CVSS 4.8 · Active Threat