{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8181", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-07-25T08:22:27.222Z", "datePublished": "2025-07-26T07:02:07.845Z", "dateUpdated": "2025-07-28T15:05:51.551Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-26T07:02:07.845Z"}, "title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-272", "lang": "en", "description": "Least Privilege Violation"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "TOTOLINK", "product": "N600R", "versions": [{"version": "1.0.0.1", "status": "affected"}], "modules": ["FTP Service"]}, {"vendor": "TOTOLINK", "product": "X2000R", "versions": [{"version": "1.0.0.1", "status": "affected"}], "modules": ["FTP Service"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-07-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-07-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-07-25T10:29:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "TPCchecker (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.317595", "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.317595", "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621966", "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.621968", "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732", "tags": ["related"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T15:05:38.418732Z", "id": "CVE-2025-8181", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T15:05:51.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T15:05:38.418732Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T15:05:44.541Z"}}], "cna": {"title": "TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation", "credits": [{"lang": "en", "type": "reporter", "value": "TPCchecker (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 8.3, "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}], "affected": [{"vendor": "TOTOLINK", "modules": ["FTP Service"], "product": "N600R", "versions": [{"status": "affected", "version": "1.0.0.1"}]}, {"vendor": "TOTOLINK", "modules": ["FTP Service"], "product": "X2000R", "versions": [{"status": "affected", "version": "1.0.0.1"}]}], "timeline": [{"lang": "en", "time": "2025-07-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-07-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-07-25T10:29:29.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.317595", "name": "VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.317595", "name": "VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.621966", "name": "Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.621968", "name": "Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732", "tags": ["related"]}, {"url": "https://www.totolink.net/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-272", "description": "Least Privilege Violation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-07-26T07:02:07.845Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8181", "state": "PUBLISHED", "dateUpdated": "2025-07-28T15:05:51.551Z", "dateReserved": "2025-07-25T08:22:27.222Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-07-26T07:02:07.845Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:n600r_firmware:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6F787DA-3643-4387-8B87-7C8581DC55FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:n600r:-:*:*:*:*:*:*:*", "matchCriteriaId": "601C2FBE-B584-40B9-BBD7-7BF2A14CA694", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "002D7907-83F1-4400-869A-5FAD4ECA4BE4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*", "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK N600R y X2000R 1.0.0.1. Esta afecta a una parte desconocida del archivo vsftpd.conf del componente Servicio FTP. La manipulaci\u00f3n provoca una violaci\u00f3n del m\u00ednimo privilegio. El ataque puede ejecutarse en remoto."}], "id": "CVE-2025-8181", "lastModified": "2025-10-09T19:40:44.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-07-26T07:15:26.830", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.317595"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.317595"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.621966"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.621968"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.notion.so/23a54a1113e780c08f3acca6a746d732"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.totolink.net/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-272"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"created": "2025-07-28T12:45:48.539960+00:00", "updated": "2025-07-28T12:45:48.540038+00:00", "vendors": ["totolink", "totolink$PRODUCT$n600r", "totolink$PRODUCT$x2000r"]}