CVE-2025-8181 — Incorrect Privilege Assignment in N600r

CWE-266 — Incorrect Privilege Assignment CWE-272 — Least Privilege Violation3 documents3 sources

Severity

8.6HIGHNVD

EPSS

0.5%

top 36.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Totolink N600r Totolink X2000r Totolink N600r Firmware +1 more

Timeline

PublishedJul 26

Description

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5totolink/n600r1.0.0.1

▶CVEListV5totolink/x2000r1.0.0.1

▶NVDtotolink/n600r_firmware4.3.0

▶NVDtotolink/x2000r_firmware1.0.0

🔴Vulnerability Details

CVEList

TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation↗2025-07-26

▶

GHSA

GHSA-2j2w-6vxv-4p23: A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1↗2025-07-26

▶