Security Flaw in TOTOLINK AC1200 T8 Network Device
CVE-2026-11494
Key Information:
Badges
What is CVE-2026-11494?
A security vulnerability has been identified in the TOTOLINK AC1200 T8 device, specifically within the vsftpd component where improper configuration of the /etc/vsftpd.conf file could allow a remote attacker to exploit least privilege violations. This could potentially lead to unauthorized access or manipulation of system functions. The exploit for this flaw has been publicly disclosed, highlighting the importance of applying necessary security measures to safeguard network devices against such vulnerabilities.
Affected Version(s)
AC1200 T8 4.1.5cu.8611
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
