In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| http://totolink.com | Broken Link |
| https://gist.github.com/TPCchecker/d7306649f51ca25e22dd6532546a58f3 | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
07 Aug 2025, 17:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://totolink.com - Broken Link | |
| References | () https://gist.github.com/TPCchecker/d7306649f51ca25e22dd6532546a58f3 - Broken Link | |
| First Time |
Totolink a950rg Firmware
Totolink t10 Totolink a7100ru Firmware Totolink t10 Firmware Totolink a7100ru Totolink a950rg Totolink |
|
| CPE | cpe:2.3:h:totolink:t10:-:*:*:*:*:*:*:* cpe:2.3:o:totolink:a950rg_firmware:5.9:*:*:*:*:*:*:* cpe:2.3:o:totolink:a7100ru_firmware:7.4:*:*:*:*:*:*:* cpe:2.3:o:totolink:t10_firmware:5.9:*:*:*:*:*:*:* cpe:2.3:h:totolink:a950rg:-:*:*:*:*:*:*:* cpe:2.3:h:totolink:a7100ru:-:*:*:*:*:*:*:* |
21 Jul 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-21 16:15
Updated : 2025-08-07 17:58
NVD link : CVE-2025-44655
Mitre link : CVE-2025-44655
JSON object : View
Products Affected
totolink
- a7100ru
- a950rg_firmware
- a950rg
- a7100ru_firmware
- t10_firmware
- t10
CWE
No CWE.