PatchSiren cyber security CVE debrief
CVE-2026-11494 TOTOLINK CVE debrief
A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
- Vendor
- TOTOLINK
- Product
- AC1200 T8
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of TOTOLINK AC1200 T8 4.1.5cu.8611 should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is located in the vsftpd component of TOTOLINK AC1200 T8 4.1.5cu.8611, specifically in the /etc/vsftpd.conf file. The vulnerability allows for a least privilege violation, which can be exploited remotely.
Defensive priority
Low
Recommended defensive actions
- Update to the latest version of TOTOLINK AC1200 T8 if available.
- Restrict access to the /etc/vsftpd.conf file.
- Monitor for suspicious activity on the vsftpd component.
Evidence notes
The vulnerability has been disclosed publicly and may be used. The CVSS score is 2.1, indicating a low severity.
Official resources
TOTOLINK AC1200 T8 4.1.5cu.8611 vsftpd Security Vulnerability