CVE-2026-11554: TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

Published Jun 8, 2026

Updated

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Affected Software

2 affected components

TOTOLINK TOTOLINK CP450=4.1.0cu.747

vsftpd

Event History

Jun 8, 2026

CVE Published

via MITRE·05:30 PM

Data Sourced

via MITRE·05:30 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:16 PM

DescriptionSeverityWeakness

Frequently Asked Questions

What is the severity of CVE-2026-11554?

CVE-2026-11554 has a medium severity score of 4.3.

How does CVE-2026-11554 impact the TOTOLINK CP450?

CVE-2026-11554 allows a least privilege violation in the vsftpd configuration which can be exploited remotely.

How can I fix CVE-2026-11554?

To fix CVE-2026-11554, ensure that the vsftpd configuration is properly secured and review the permissions set within /etc/vsftpd.conf.

Is exploitation of CVE-2026-11554 easy?

Yes, exploitation of CVE-2026-11554 can be initiated remotely and has been publicly disclosed.

What component is affected by CVE-2026-11554?

CVE-2026-11554 affects the vsftpd component within the TOTOLINK CP450.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.