Least Privilege Violation in TOTOLINK N600R and X2000R FTP Services
CVE-2025-8181

8.6HIGH

Key Information:

Vendor: Totolink
Status: N600r; X2000r
Vendor: CVE Published:; 26 July 2025

What is CVE-2025-8181?

A security weakness has been identified in the FTP Services of both TOTOLINK N600R and X2000R devices due to improper configuration in the vsftpd.conf file. This vulnerability allows attackers to exploit least privilege violations, facilitating unauthorized access and control over the affected devices. The attack can be performed remotely, heightening its severity and the urgency for affected users to implement security measures and patches.

Affected Version(s)

N600R 1.0.0.1

X2000R 1.0.0.1

References

https://vuldb.com/?id.317595

vdb-entry

https://vuldb.com/?ctiid.317595

signaturepermissions-required

https://vuldb.com/?submit.621966

third-party-advisory

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2025
Vulnerability Reserved
Jul 25, 2025

Credit

TPCchecker (VulDB User)

Totolink

What is CVE-2025-8181?

Affected Version(s)

References

CVSS V4

Timeline

Credit