PT-2026-1438 · Vsftpd+1 · Vsftpd+2
Publicado
2026-01-06
·
Atualizado
2026-02-12
·
CVE-2025-60262
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
H3C M102G HM1A0V200R010 wireless controller
H3C BA1500L SWBA1A0V100R006 wireless access point
Description
A misconfiguration exists in the vsftpd component of the affected devices. This allows remote attackers to gain root-level control over the devices by exploiting the FTP protocol. Specifically, any file uploaded anonymously via FTP is automatically assigned root ownership.
Recommendations
For H3C M102G HM1A0V200R010 wireless controller, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For H3C BA1500L SWBA1A0V100R006 wireless access point, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Default Permissions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
H3C Ba1500L Swba1A0V100R006
H3C M102G Hm1A0V200R010
Vsftpd