PT-2026-1438 · Vsftpd+1 · Vsftpd+2

Published

2026-01-06

Updated

2026-02-12

CVE-2025-60262

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions H3C M102G HM1A0V200R010 wireless controller H3C BA1500L SWBA1A0V100R006 wireless access point

Description A misconfiguration exists in the vsftpd component of the affected devices. This allows remote attackers to gain root-level control over the devices by exploiting the FTP protocol. Specifically, any file uploaded anonymously via FTP is automatically assigned root ownership.

Recommendations For H3C M102G HM1A0V200R010 wireless controller, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For H3C BA1500L SWBA1A0V100R006 wireless access point, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2025-60262

Affected Products

H3C Ba1500L Swba1A0V100R006

H3C M102G Hm1A0V200R010

Vsftpd

PT-2026-1438 · Vsftpd+1 · Vsftpd+2

CVE-2025-60262

Weakness Enumeration

Related Identifiers

Affected Products

References · 11