Linksys E2500 vsftpd Misconfiguration Vulnerability Allowing Unauthorized Access and Privilege Escalation

Vulnerability

A vulnerability exists in the Linksys E2500 router running firmware version 3.0.04.002, where the vsftpd FTP server is configured with the 'chroot_local_user' option enabled. This misconfiguration can result in unauthorized access to system files, potential privilege escalation, or exploitation of the compromised device as a pivot point for attacks within the internal network.

Impact

The vulnerability could lead to unauthorized access to system files, allowing for privilege escalation or misuse of the compromised server to launch attacks on other devices within the internal network.

Added: Jul 21, 2025, 6:22 PM
Updated: Jul 21, 2025, 6:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 5.0
exploitability: 4.9
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.