CVE-2026-11494

Deferred Deferred - Pending Action

Privilege Escalation in TOTOLINK AC1200 T8 Firmware

Publication date: 2026-06-08

Last updated on: 2026-06-09

Assigner: VulDB

Description

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-08

Last Modified

2026-06-09

Generated

2026-06-29

AI Q&A

2026-06-08

EPSS Evaluated

2026-06-27

NVD

CVE-2026-11494

EUVD

EUVD-2026-35025

Affected Vendors & Products

Vendor	Product	Version / Range
totolink	ac1200_t8	4.1.5cu.8611

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-266	A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-272	The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Attack-Flow Graph

Executive Summary

This vulnerability exists in the TOTOLINK AC1200 T8 device, specifically in an unknown function related to the file /etc/vsftpd.conf within the vsftpd component. It allows an attacker to perform a least privilege violation, meaning they can gain higher privileges than intended. The attack can be initiated remotely, and the exploit has been publicly disclosed.

Compliance Impact

The provided information does not specify how the vulnerability in TOTOLINK AC1200 T8 affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability can lead to a least privilege violation, which means an attacker could gain unauthorized elevated access to the system. Since the attack can be performed remotely, it increases the risk of unauthorized control or manipulation of the affected device.

Detection Guidance

This vulnerability affects the /etc/vsftpd.conf file in TOTOLINK AC1200 T8 4.1.5cu.8611 devices. Detection would involve checking the version of the device firmware and inspecting the vsftpd configuration file for unauthorized or suspicious changes.

Since the vulnerability involves a least privilege violation in vsftpd, you can check the vsftpd version and configuration remotely or locally.

Use SSH or telnet to access the device and run: cat /etc/vsftpd.conf to review the configuration.
Check the firmware version of the device to confirm if it is 4.1.5cu.8611 or affected: for example, use commands or device interface to display firmware version.
Monitor network traffic for unusual FTP activity that could indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting remote access to the affected device, especially FTP services, to trusted networks only.

Update the device firmware if a patch or newer version is available from the vendor to fix the vulnerability.

Review and harden the vsftpd configuration file (/etc/vsftpd.conf) to ensure least privilege principles are enforced.

Monitor logs and network traffic for signs of exploitation and respond accordingly.

Hi! I’m here to help you understand CVE-2026-11494. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70