{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-8181","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-07-25T08:22:27.222Z","datePublished":"2025-07-26T07:02:07.845Z","dateUpdated":"2025-07-28T15:05:51.551Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-07-26T07:02:07.845Z"},"title":"TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-272","lang":"en","description":"Least Privilege Violation"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"TOTOLINK","product":"N600R","versions":[{"version":"1.0.0.1","status":"affected"}],"modules":["FTP Service"]},{"vendor":"TOTOLINK","product":"X2000R","versions":[{"version":"1.0.0.1","status":"affected"}],"modules":["FTP Service"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in TOTOLINK N600R and X2000R 1.0.0.1 gefunden. Es betrifft eine unbekannte Funktion der Datei vsftpd.conf der Komponente FTP Service. Durch die Manipulation mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.6,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":7.2,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.2,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":8.3,"vectorString":"AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-07-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-07-25T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-07-25T10:29:29.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"TPCchecker (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.317595","name":"VDB-317595 | TOTOLINK N600R/X2000R FTP Service vsftpd.conf least privilege violation","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.317595","name":"VDB-317595 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.621966","name":"Submit #621966 | TOTOLINK N600R V4.3.0 Misconfiguration","tags":["third-party-advisory"]},{"url":"https://vuldb.com/?submit.621968","name":"Submit #621968 | TOTOLINK X2000R V1.0.0 Misconfiguration (Duplicate)","tags":["third-party-advisory"]},{"url":"https://www.notion.so/23a54a1113e780c08f3acca6a746d732","tags":["related"]},{"url":"https://www.totolink.net/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-28T15:05:38.418732Z","id":"CVE-2025-8181","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-28T15:05:51.551Z"}}]}}