CVE-2025-60262
Unknown Unknown - Not Provided
Misconfigured vsftpd in H3C Devices Allows Root Access

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: MITRE

Description
An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-14
NVD
CVE-2025-60262
EUVD
EUVD-2026-1000
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
h3c m102g_hm1a0v200r010 *
h3c ba1500l_swba1a0v100r006 *
unknown_vendor vsftpd *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a misconfiguration issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point related to vsftpd. It causes all files uploaded anonymously via the FTP protocol to be automatically owned by the root user, allowing remote attackers to gain root-level control over the affected devices.

Impact Analysis

The vulnerability can allow remote attackers to gain root-level control over the affected devices, which means they can fully control the device, potentially leading to unauthorized access, data theft, device manipulation, or disruption of services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart