CVE-2025-60262

9.8 CRITICAL

📋 TL;DR

A vsftpd misconfiguration vulnerability in H3C wireless devices allows anonymous FTP uploads to be owned by the root user. Remote attackers can exploit this to gain root-level control over affected devices. This affects H3C M102G wireless controllers and BA1500L wireless access points.

💻 Affected Systems

Products:
  • H3C M102G wireless controller
  • H3C BA1500L wireless access point
Versions: HM1A0V200R010 for M102G, SWBA1A0V100R006 for BA1500L
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vsftpd enabled in default configuration. Anonymous FTP access appears to be enabled by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root-level access, allowing attackers to install persistent backdoors, exfiltrate sensitive data, pivot to internal networks, or render devices inoperable.

🟠

Likely Case

Attackers gain root access to vulnerable devices, enabling them to modify configurations, intercept network traffic, and potentially compromise connected wireless clients.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the affected device only, preventing lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only anonymous FTP access and basic knowledge of FTP commands. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available in provided references

Restart Required: No

Instructions:

1. Check H3C official security advisories for patches.
2. If a patch is available, download it from the H3C support portal.
3. Apply the patch following vendor instructions.
4. Verify that the vsftpd configuration is corrected.

🔧 Temporary Workarounds

Disable anonymous FTP access

Modify the vsftpd configuration to disable anonymous login:
  • Edit /etc/vsftpd.conf (or the equivalent config file on the device)
  • Set anonymous_enable=NO
  • Restart the vsftpd service

Disable vsftpd service

Completely disable the FTP service if it is not required:
  • systemctl stop vsftpd
  • systemctl disable vsftpd
  • Remove the vsftpd package if possible

🧯 If You Can't Patch

  • Network segmentation: Isolate affected devices in separate VLAN with strict firewall rules
  • Access control: Block FTP ports (20,21) at network perimeter and internal firewalls

🔍 How to Verify

Check if Vulnerable:

Test anonymous FTP access: ftp [device_ip] with username 'anonymous' and any password. If the login succeeds and uploads are possible, the device is vulnerable.

Check Version:

Check the device web interface or CLI for the firmware version (show version or the equivalent command) and compare it with the affected versions listed above.

Verify Fix Applied:

Attempt an anonymous FTP login after applying the fixes; the login should be denied. Check the vsftpd configuration for anonymous_enable=NO.
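The workaround above and the "Verify Fix Applied" step both come down to reading the vsftpd configuration. The POSIX sh audit below is an added example, not code from this advisory or from H3C: it reports the effective value of the directives that together let anonymous uploads land as root-owned files, using the standard vsftpd directive names and their documented defaults (anonymous_enable=YES, anon_upload_enable=NO, chown_uploads=NO, chown_username=root). The advisory does not say which directive H3C's firmware sets, so the root-ownership check is an assumption about the likely shape of the misconfiguration; the two sample config files are constructed for the stand-alone run.

```shell
# Added example (not from the advisory or from H3C): audit a vsftpd.conf for the
# settings that allow anonymous, root-owned uploads. Assumes standard vsftpd
# directive names and defaults; the exact H3C setting is not known from the page.

# is_yes VALUE -> exit 0 if vsftpd would treat VALUE as a boolean true
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# vsftpd_setting FILE KEY DEFAULT -> effective value of KEY (last uncommented
# "KEY=value" line wins; DEFAULT when the key is absent)
vsftpd_setting() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# vsftpd_findings FILE -> one line per risky setting (prints nothing when clean)
vsftpd_findings() {
    f=$1
    anon=$(vsftpd_setting "$f" anonymous_enable YES)      # vsftpd default: YES
    upl=$(vsftpd_setting "$f" anon_upload_enable NO)      # vsftpd default: NO
    chown_up=$(vsftpd_setting "$f" chown_uploads NO)      # vsftpd default: NO
    owner=$(vsftpd_setting "$f" chown_username root)      # vsftpd default: root
    if is_yes "$anon"; then
        echo "anonymous_enable=$anon: anonymous logins allowed (set anonymous_enable=NO)"
        if is_yes "$upl"; then
            echo "anon_upload_enable=$upl: anonymous users may upload files"
        fi
        if is_yes "$chown_up" && [ "$owner" = root ]; then
            echo "chown_uploads=$chown_up with chown_username=$owner: anonymous uploads become root-owned"
        fi
    fi
}

# vsftpd_is_vulnerable FILE -> exit 0 when at least one finding exists
vsftpd_is_vulnerable() {
    [ -n "$(vsftpd_findings "$1")" ]
}

# write_sample_confs DIR: constructed sample configs for a stand-alone run
write_sample_confs() {
    mkdir -p "$1"
    cat > "$1/vulnerable.conf" <<'EOF'
# constructed sample: the risky shape described in the advisory
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=root
EOF
    cat > "$1/hardened.conf" <<'EOF'
# constructed sample: anonymous access off, as in the workaround
listen=YES
anonymous_enable=NO
local_enable=YES
EOF
}

# Stand-alone run: audit both constructed samples
d=${TMPDIR:-/tmp}/vsftpd-audit.$$
write_sample_confs "$d"
for c in "$d"/vulnerable.conf "$d"/hardened.conf; do
    if vsftpd_is_vulnerable "$c"; then
        echo "$c: VULNERABLE"
        vsftpd_findings "$c" | sed 's/^/  /'
    else
        echo "$c: OK"
    fi
done
rm -rf "$d"
```

On a real device, point vsftpd_findings at the live config file instead of the samples. Pairing the config audit with a file-ownership check of the anonymous FTP root (for example find <anon_root> -type f -user root) confirms whether root-owned uploads already exist, which is the artifact the advisory describes.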

📡 Detection & Monitoring

Log Indicators:

  • Anonymous FTP login attempts in vsftpd logs
  • File uploads via anonymous FTP sessions
  • Root-owned files created via FTP

Network Indicators:

  • FTP traffic to affected devices on ports 20/21
  • Anonymous FTP login attempts from external IPs

SIEM Query:

source="vsftpd.log" AND "anonymous" AND ("LOGIN" OR "UPLOAD")
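The SIEM query above matches any line mentioning anonymous logins or uploads. The script below is an added example, not code from this advisory or from H3C, that does the same triage locally over vsftpd's native log format (vsftpd.log with xferlog_std_format=NO): it keeps only successful anonymous LOGIN and UPLOAD events, pulls out the client address and uploaded path, and separates them from local-user activity and failed attempts. The log lines are constructed to match the field layout vsftpd documents; they are not taken from an affected device.

```shell
# Added example: summarize anonymous FTP activity from vsftpd-style log lines.
# The sample below is constructed; the layout follows vsftpd's native log
# format, not output captured from an H3C device.
SAMPLE_LOG=$(cat <<'EOF'
Mon Oct  6 10:12:01 2025 [pid 2] CONNECT: Client "203.0.113.7"
Mon Oct  6 10:12:01 2025 [pid 2] [anonymous] OK LOGIN: Client "203.0.113.7"
Mon Oct  6 10:12:09 2025 [pid 2] [anonymous] OK UPLOAD: Client "203.0.113.7", "/pub/incoming/update.sh", 512 bytes, 12.34Kbyte/sec
Mon Oct  6 10:13:44 2025 [pid 3] [alice] OK LOGIN: Client "10.0.0.5"
Mon Oct  6 10:14:02 2025 [pid 3] [alice] OK UPLOAD: Client "10.0.0.5", "/home/alice/notes.txt", 88 bytes, 1.00Kbyte/sec
Mon Oct  6 10:15:30 2025 [pid 4] [anonymous] FAIL LOGIN: Client "198.51.100.9"
Mon Oct  6 10:15:31 2025 [pid 4] [anonymous] OK LOGIN: Client "198.51.100.9"
EOF
)

# anon_events LOGTEXT -> "EVENT client path" for each successful anonymous
# LOGIN or UPLOAD (path is "-" for logins); failed logins and local users are skipped
anon_events() {
    printf '%s\n' "$1" | awk '
        /\[anonymous\] OK (LOGIN|UPLOAD):/ {
            ev = ($0 ~ /OK UPLOAD:/) ? "UPLOAD" : "LOGIN"
            # vsftpd quotes the client address and, for transfers, the file path
            split($0, q, "\"")
            client = q[2]
            path = (ev == "UPLOAD") ? q[4] : "-"
            print ev, client, path
        }'
}

# anon_upload_count LOGTEXT -> number of files written by anonymous sessions
anon_upload_count() {
    anon_events "$1" | awk '$1 == "UPLOAD" { n++ } END { print n + 0 }'
}

# anon_clients LOGTEXT -> unique addresses that completed an anonymous login
anon_clients() {
    anon_events "$1" | awk '$1 == "LOGIN" { print $2 }' | sort -u
}

# Stand-alone run over the constructed sample
anon_events "$SAMPLE_LOG"
echo "anonymous uploads: $(anon_upload_count "$SAMPLE_LOG")"
echo "anonymous clients: $(anon_clients "$SAMPLE_LOG" | tr '\n' ' ')"
```

Replace the constructed sample with the device's log contents (for example anon_events "$(cat /var/log/vsftpd.log)") to get the same summary for real traffic; any UPLOAD row from a device that should not accept anonymous sessions is worth following up with the file-ownership check from the workaround section.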
