CVE-2026-11620
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
A security flaw has been discovered in TOTOLINK EX200 version 4.0.3c.7646 in the file /etc/vsftpd.conf of the vsftpd component. Manipulation of this file results in least privilege violation.
Risk Assessment
This vulnerability can be exploited for remote attacks, posing a serious threat to the organization's security.
Recommendation
It is recommended to update the software to the latest version and monitor the system for unauthorized changes to the configuration file.
Original NVD description (English source)
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

