Medium severity5.3NVD Advisory· Published Jun 9, 2026

CVE-2026-11620

Description

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Affected products

Totolink/EX200llm-fuzzy
Range: = 4.0.3c.7646

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

vuldb.com/cve/CVE-2026-11620nvd
vuldb.com/submit/834825nvd
vuldb.com/vuln/369301nvd
vuldb.com/vuln/369301/ctinvd
www.notion.so/TOTOLink-EX200-V4-0-3c-7646_B20201211-3671f5ba989080ccaa41d9f76fb1906bnvd
www.totolink.netnvd

News mentions

Totolink Routers: Three vsftpd Least Privilege Vulnerabilities Disclosed
Vypr Intelligence · Jun 9, 2026

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000