CP450
Least privilege violation in TOTOLINK CP450 router firmware 4.1.0cu.747 allows low-privileged remote attackers to perform unauthorized integrity-affecting actions via the vsftpd FTP service, whose configuration in /etc/vsftpd.conf grants excessive permissions beyond operational necessity. The vulnerability carries a low CVSS 4.0 score of 2.1, reflecting constrained impact limited to low integrity effects on the vulnerable system with no confidentiality or availability consequence. A publicly available proof-of-concept exploit exists, and no CISA KEV listing has been confirmed, indicating no known active widespread exploitation at time of analysis.