Least Privilege Violation in TOTOLINK N600R and X2000R FTP Services
CVE-2025-8181

8.6HIGH

Key Information:

Vendor

Totolink
Status
N600r
X2000r
Vendor
CVE Published:
26 July 2025

What is CVE-2025-8181?

A security weakness has been identified in the FTP Services of both TOTOLINK N600R and X2000R devices due to improper configuration in the vsftpd.conf file. This vulnerability allows attackers to exploit least privilege violations, facilitating unauthorized access and control over the affected devices. The attack can be performed remotely, heightening its severity and the urgency for affected users to implement security measures and patches.

Affected Version(s)

N600R 1.0.0.1

X2000R 1.0.0.1

References

https://vuldb.com/?id.317595
vdb-entry
https://vuldb.com/?ctiid.317595
signaturepermissions-required
https://vuldb.com/?submit.621966
third-party-advisory

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TPCchecker (VulDB User)
JSON
.