AC1200 T8
A least-privilege violation in TOTOLINK AC1200 T8 firmware 4.1.5cu.8611 exposes the vsftpd FTP service to unauthorized integrity manipulation by low-privileged authenticated network users. The /etc/vsftpd.conf configuration grants permissions beyond what the principle of least privilege allows (CWE-272), so a low-privilege authenticated attacker can perform write operations they should not be authorized to execute. A proof-of-concept exploit has been publicly disclosed. The vulnerability is not confirmed in CISA KEV, but the CVSS temporal vector (E:P, RC:R) reflects publicly available exploit code with reasonable confidence in the report.