CVE-2026-11554 PUBLISHED

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

• L-14 (VulDB User) reporter

• VDB-369164 | TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation
• VDB-369164 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-11554 | CVE Analysis and Report
• Submit #834821 | TOTOLink CP450 V4.1.0cu.747 Misconfiguration
• https://www.notion.so/TOTOLink-CP450-V4-1-0cu-747-3671f5ba989080c3b39ac3984d2ff44d?source=copy_link
• https://www.totolink.net/

• Least Privilege Violation CWE
• Incorrect Privilege Assignment CWE