Sign-up

ID

VAR-202507-2611


CVE

CVE-2025-8181


TITLE

TOTOLINK  of  n600r  firmware and  x2000r  Vulnerability regarding improper permission settings in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK N600R and X2000R 1.0.0.1. This affects an unknown part of the file vsftpd.conf of the component FTP Service. The manipulation leads to least privilege violation. It is possible to initiate the attack remotely. TOTOLINK of n600r firmware and x2000r The firmware contains vulnerabilities related to improper permission settings and violations of least privilege.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-8181 // JVNDB: JVNDB-2025-015843

AFFECTED PRODUCTS

vendor:totolinkmodel:n600rscope:eqversion:4.3.0

Trust: 1.0

vendor:totolinkmodel:x2000rscope:eqversion:1.0.0

Trust: 1.0

vendor:totolinkmodel:x2000rscope: - version: -

Trust: 0.8

vendor:totolinkmodel:n600rscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843 // NVD: CVE-2025-8181

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8181
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-015843
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2025-8181
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-015843
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:L/AU:M/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2025-8181
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-015843
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843 // NVD: CVE-2025-8181

PROBLEMTYPE DATA

problemtype:CWE-272

Trust: 1.0

problemtype:CWE-266

Trust: 1.0

problemtype:Improper permission settings (CWE-266) [ others ]

Trust: 0.8

problemtype: Violation of least privilege (CWE-272) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843 // NVD: CVE-2025-8181

EXTERNAL IDS

db:NVDid:CVE-2025-8181

Trust: 2.6

db:VULDBid:317595

Trust: 1.8

db:JVNDBid:JVNDB-2025-015843

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843 // NVD: CVE-2025-8181

REFERENCES

url:https://vuldb.com/?id.317595

Trust: 1.8

url:https://vuldb.com/?submit.621966

Trust: 1.8

url:https://vuldb.com/?submit.621968

Trust: 1.8

url:https://www.notion.so/23a54a1113e780c08f3acca6a746d732

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.317595

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-8181

Trust: 0.8

sources: JVNDB: JVNDB-2025-015843 // NVD: CVE-2025-8181

SOURCES

db:JVNDBid:JVNDB-2025-015843
db:NVDid:CVE-2025-8181

LAST UPDATE DATE

2025-10-15T23:34:20.439000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-015843date:2025-10-14T03:23:00
db:NVDid:CVE-2025-8181date:2025-10-09T19:40:44.513

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-015843date:2025-10-14T00:00:00
db:NVDid:CVE-2025-8181date:2025-07-26T07:15:26.830