PatchSiren cyber security CVE debrief
CVE-2026-11620 TOTOLINK CVE debrief
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in a least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
- Vendor: TOTOLINK
- Product: EX200
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of TOTOLINK EX200 4.0.3c.7646
Technical summary
The vulnerability affects the vsftpd component of TOTOLINK EX200 4.0.3c.7646, specifically an unknown function of the file /etc/vsftpd.conf. It results in a least privilege violation and can be exploited remotely.
Defensive priority
Medium
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the vsftpd component to prevent remote exploitation.
- Monitor the system for suspicious activity.
Evidence notes
The vulnerability has been publicly disclosed and an exploit has been released.
Official resources
CVE-2026-11620 was published on 2026-06-09T03:16:26.043Z and modified on 2026-06-09T13:33:34.393Z.