CVE-2025-60262

CRITICAL
2026-01-06
9.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
PoC Detected: Jan 29, 2026 - 01:36 (vuln.today), public exploit code
CVE Published: Jan 06, 2026 - 16:15 (nvd), CRITICAL 9.8

Description

In the H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability in vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol are automatically owned by the root user, and remote attackers could gain root-level control over the devices.

Analysis

H3C wireless controllers (M102G) and access points (BA1500L) have a vsftpd misconfiguration that grants root ownership to anonymously uploaded FTP files. Attackers can upload malicious files that execute with root privileges, gaining full device control.

Technical Context

The vsftpd FTP server is misconfigured (CWE-276) to run as root and assign root ownership to anonymously uploaded files. On embedded Linux networking devices, uploading a cron job, startup script, or replacing a system binary with root ownership achieves persistent remote code execution.

Affected Products

H3C M102G HM1A0V200R010 wireless controller, H3C BA1500L SWBA1A0V100R006 wireless access point

Remediation

Disable anonymous FTP access. Configure vsftpd to run as a non-root user. Apply vendor firmware updates when available.
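For administrators who can read the device's vsftpd configuration, the following added example (not vendor or vuln.today code) audits a `vsftpd.conf` for the condition described above. It assumes the root ownership comes from the standard vsftpd options `chown_uploads`/`chown_username` or `ftp_username`, which this page does not confirm; the sample configurations are constructed, and the defaults are those of upstream vsftpd.conf(5).

```python
# Added example: flag vsftpd settings that let anonymous uploads become root-owned.
# Upstream vsftpd.conf(5) defaults; a vendor firmware build may ship different ones.
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "chown_uploads": "NO",
    "chown_username": "root",   # note: root is the upstream default owner
    "ftp_username": "ftp",
}

def parse_conf(text):
    """Parse vsftpd's option=value syntax; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings, from 'anonymous login allowed' up to 'uploads owned by root'."""
    conf = parse_conf(text)
    enabled = lambda key: conf[key].upper() == "YES"
    findings = []
    if not enabled("anonymous_enable"):
        return findings
    findings.append("anonymous FTP login is enabled")
    if enabled("write_enable") and enabled("anon_upload_enable"):
        findings.append("anonymous users can upload files")
        if conf["ftp_username"] == "root":
            findings.append("anonymous sessions are mapped to root (ftp_username)")
        if enabled("chown_uploads") and conf["chown_username"] == "root":
            findings.append("anonymous uploads are chowned to root")
    return findings

# Constructed sample configurations (not taken from an H3C device).
WEAK = "anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\nchown_uploads=YES\n"
FIXED = "anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit(text) or "no findings")
```

The check covers only the anonymous-upload part of the remediation; which account the vsftpd process itself runs under has to be verified on the device.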

Priority Score

69
KEV: 0
EPSS: +0.2
CVSS: +49
POC: +20
