CVE-2025-60262
Unknown Unknown - Not Provided

Misconfigured vsftpd in H3C Devices Allows Root Access

Vulnerability report for CVE-2025-60262, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: MITRE

Description

An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-07-06
AI Q&A
2026-01-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
h3c m102g_hm1a0v200r010 *
h3c ba1500l_swba1a0v100r006 *
unknown_vendor vsftpd *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a misconfiguration issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point related to vsftpd. It causes all files uploaded anonymously via the FTP protocol to be automatically owned by the root user, allowing remote attackers to gain root-level control over the affected devices.

Impact Analysis

The vulnerability can allow remote attackers to gain root-level control over the affected devices, which means they can fully control the device, potentially leading to unauthorized access, data theft, device manipulation, or disruption of services.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart