CVE-2026-11554— TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11554
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
最小特权原则违背
Source: NVD (National Vulnerability Database)
Vulnerability Title
TOTOLINK CP450 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TOTOLINK CP450是中国吉翁电子(TOTOLINK)公司的一款户外无线客户终端设备。主要用于提供无线宽带接入服务,尤其适用于农村或偏远地区的无线网络覆盖。 TOTOLINK CP450 4.1.0cu.747版本存在安全漏洞,该漏洞源于vsftpd组件中/etc/vsftpd.conf文件的未知代码操作不当,可能导致违反最小权限原则。攻击者可远程发起攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-11554
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11554
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-11554 (1)
IV. Related Vulnerabilities
Same vendor: TOTOLINK
- CVE-2026-11620
TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation - CVE-2026-11494
TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violat - CVE-2026-10187
Totolink N300RH Web Management wireless.so setWiFiBasicConfi - CVE-2026-9543
Totolink N300RH Web Management cstecgi.cgi setPasswordCfg os - CVE-2026-9534
Totolink CA750-PoE Setting cstecgi.cgi setWiFiWpsConfig os c
Same weakness: CWE-272
- CVE-2026-11620
TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation - CVE-2026-11555
D-Link DGS-1100-08PD Web boa.conf least privilege violation - CVE-2026-11497
D-Link DCS-5615 Boa Webserver boa.conf least privilege viola - CVE-2026-11494
TOTOLINK AC1200 T8 vsftpd vsftpd.conf least privilege violat - CVE-2026-11492
D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
V. Comments for CVE-2026-11554
No comments yet