TOTOLink Products Chroot Misconfiguration in vsftpd Leading to Privilege Escalation and Internal Network Attacks

Vulnerability

A vulnerability exists in TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, where the 'chroot_local_user' option is enabled in the vsftpd configuration. This misconfiguration can result in unauthorized access to system files, privilege escalation, or the compromised server being used as a pivot point for attacks on the internal network.

Impact

Exploitation of this vulnerability could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
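
The following check is an added example, not part of the original advisory or of any vendor firmware: it parses a vsftpd.conf and reports whether 'chroot_local_user' is enabled. The related options it also reports (write_enable, allow_writeable_chroot, chroot_list_enable) are real vsftpd settings that the advisory does not mention; including them is an assumption about what a reviewer would want alongside the finding, and the sample configuration is constructed.

```python
# Added example: audit a vsftpd.conf for the setting named in the advisory.
# SAMPLE_CONF is constructed for illustration, not taken from TOTOLink firmware.
SAMPLE_CONF = """\
# constructed sample
listen=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
"""

# vsftpd boolean options are treated as on for these values (case-insensitive).
TRUE_VALUES = {"YES", "TRUE", "1"}


def parse_vsftpd_conf(text):
    """Return {option: value}; comments and blank lines are skipped,
    and a later line overrides an earlier one for the same option."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def enabled(opts, name):
    # All four options checked below default to NO when absent.
    return opts.get(name, "NO").upper() in TRUE_VALUES


def audit(text):
    """Return a list of findings; empty when chroot_local_user is off."""
    opts = parse_vsftpd_conf(text)
    if not enabled(opts, "chroot_local_user"):
        return []
    findings = ["chroot_local_user enabled (setting named in the advisory)"]
    if enabled(opts, "write_enable"):
        findings.append("write_enable enabled: chrooted local users can upload")
    if enabled(opts, "allow_writeable_chroot"):
        findings.append("allow_writeable_chroot enabled: jail root may be user-writable")
    if enabled(opts, "chroot_list_enable"):
        findings.append("chroot_list_enable enabled: listed users are exempt from the chroot")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```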

Added: Jul 21, 2025, 4:34 PM
Updated: Jul 21, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.9
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.