CVE-2026-11494
Deferred Deferred - Pending Action
Privilege Escalation in TOTOLINK AC1200 T8 Firmware

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-08
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-11494
EUVD
EUVD-2026-35025
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
totolink ac1200_t8 4.1.5cu.8611
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-272 The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the TOTOLINK AC1200 T8 device, specifically in an unknown function related to the file /etc/vsftpd.conf within the vsftpd component. It allows an attacker to perform a least privilege violation, meaning they can gain higher privileges than intended. The attack can be initiated remotely, and the exploit has been publicly disclosed.

Compliance Impact

The provided information does not specify how the vulnerability in TOTOLINK AC1200 T8 affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability can lead to a least privilege violation, which means an attacker could gain unauthorized elevated access to the system. Since the attack can be performed remotely, it increases the risk of unauthorized control or manipulation of the affected device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart