CVE-2025-8181 HIGH

CVE-2025-8181: TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation

Vendor Totolink
Product N600R
Weakness CWE-272
Published July 26, 2025
Last update July 28, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely.

Key dates

02Disclosure timeline

July 26, 2025 CVE published
July 28, 2025 Record updated