Vulnerabilities ›

CVE-2026-11620

Medium

CWE-266 — Weakness Type

                    Published: Jun 9, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

🤖 AI Executive Summary

CVE-2026-11620 is a privilege escalation vulnerability in TOTOLINK EX200 router firmware version 4.0.3c.7646 affecting the vsftpd FTP service configuration. The flaw allows remote attackers to violate least privilege principles through manipulation of the /etc/vsftpd.conf file, with public exploits already available.

📄 Description (Arabic)

تؤثر هذه الثغرة على موجهات TOTOLINK EX200 الإصدار 4.0.3c.7646 وتسمح للمهاجمين البعيدين بتجاوز قيود الامتيازات من خلال التلاعب بملف إعدادات خدمة FTP. تم الإفراج عن استغلال عام لهذه الثغرة مما يزيد من خطر الهجمات الموجهة.

🤖 ملخص تنفيذي (AI)

A privilege escalation vulnerability exists in TOTOLIK EX200 router firmware that affects the vsftpd FTP service configuration file. Remote attackers can exploit this flaw to bypass privilege restrictions, and public exploits are currently available for this vulnerability.

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 07:35

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government banking

🎯 MITRE ATT&CK Techniques

T1548.004 T1078.001 T1021.004

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update TOTOLINK EX200 firmware to the latest patched version immediately. Disable FTP service if not required. Restrict network access to the router's management interface using firewall rules. Monitor vsftpd logs for suspicious activities. Implement network segmentation to limit exposure.

🔧 خطوات المعالجة (العربية)

قم بتحديث برنامج TOTOLINK EX200 إلى أحدث إصدار معدل فوراً. قم بتعطيل خدمة FTP إذا لم تكن مطلوبة. قيد الوصول إلى واجهة إدارة الموجه باستخدام قواعد جدار الحماية. راقب سجلات vsftpd للأنشطة المريبة. طبق تقسيم الشبكة لتقليل التعرض.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.2.1 2.3.1

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.AC-4

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.1

🔗 References & Sources 6

🔗

https://vuldb.com/cve/CVE-2026-11620

cna@vuldb.com

🔗

https://vuldb.com/submit/834825

cna@vuldb.com

🔗

https://vuldb.com/vuln/369301

cna@vuldb.com

🔗

https://vuldb.com/vuln/369301/cti

cna@vuldb.com

🔗

https://www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb...

cna@vuldb.com

🔗

https://www.totolink.net/

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-266

EPSS0.10%

Exploit No

Patch ✗ No

Published 2026-06-09

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-266

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-11620

Introduce Yourself

Sign In Required