CVE-2026-11492 - Vulnerability Details

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
D-link	Dir-823g
Dlink	Dir-823g Dir-823g Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vuldb.com/cve/CVE-2026-11492
https://vuldb.com/submit/834816
https://vuldb.com/vuln/369112
https://vuldb.com/vuln/369112/cti
https://www.dlink.com/
https://www.notion.so/D-Link-DIR823G-V1-0-2B05_20181207-3671f5ba989080ac97fdc36d2fb5e57d?source=copy_link

History

Tue, 09 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dlink Dlink dir-823g Dlink dir-823g Firmware
CPEs		cpe:2.3:h:dlink:dir-823g:-:::::::* cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05:::::::*
Vendors & Products		Dlink Dlink dir-823g Dlink dir-823g Firmware

Mon, 08 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 08 Jun 2026 06:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Title		D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
First Time appeared		D-link D-link dir-823g
Weaknesses		CWE-266 CWE-272
CPEs		cpe:2.3:h:d-link:dir-823g::::::::
Vendors & Products		D-link D-link dir-823g
References		https://vuldb.com/cve/CVE-2026-11492 https://vuldb.com/submit/834816 https://vuldb.com/vuln/369112 https://vuldb.com/vuln/369112/cti https://www.dlink.com/ https://www.notion.so/D-Link-DIR823G-V1-0-2B05_20181207-3671f5ba989080ac97fdc36d2fb5e57d?source=copy_link
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-08T05:30:09.936Z

Updated: 2026-06-08T13:00:43.295Z

Reserved: 2026-06-07T10:16:15.110Z

Link: CVE-2026-11492

Vulnrichment

Updated: 2026-06-08T13:00:37.875Z

NVD

Status : Analyzed

Published: 2026-06-08T07:16:26.850

Modified: 2026-06-09T16:17:15.573

Link: CVE-2026-11492

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object