D-Link Devices: Three Privilege Escalation Flaws Disclosed on June 8th
D-Link faces disclosure of three privilege escalation vulnerabilities affecting network devices, including switches and routers, with varying severity levels.

Key findings
- Three D-Link vulnerabilities disclosed on June 8th, 2026, all related to least privilege violation.
- Affected devices include DGS-1100-08PD, DCS-5615, and DIR-823G.
- Two medium-severity flaws (CVE-2026-11497, CVE-2026-11492) impact Boa Webserver and vsftpd configurations.
- One low-severity flaw (CVE-2026-11555) affects the Web Interface of a D-Link switch.
- All three vulnerabilities can be exploited remotely, and exploitation requires a high level of complexity.

On June 8th, 2026, a cluster of three vulnerabilities affecting D-Link network devices was disclosed, all involving least privilege violation. These issues, which affect the DGS-1100-08PD switch, the DCS-5615 camera, and the DIR-823G router, were published within an 11-hour window on the same day.
Two of the vulnerabilities, CVE-2026-11497 and CVE-2026-11492, are classified as medium severity. CVE-2026-11497 affects the D-Link DCS-5615 (version 1.01.00) and lies in an unknown function of the Boa Webserver's configuration file, /etc/conf.d/boa/boa.conf. Similarly, CVE-2026-11492 affects the D-Link DIR-823G (version 1.0.2B05), with the flaw residing in an unspecified function of the file /etc/vsftpd.conf in the vsftpd component.
According to their descriptions, both of these medium-severity flaws can be exploited remotely, and exploitation requires a high level of complexity. The common thread is the potential for least privilege violation, meaning an attacker could gain unauthorized access to, or control over, system functions they should not have.
The third vulnerability, CVE-2026-11555, is rated as low severity. It affects the D-Link DGS-1100-08PD (version 1.00.006) and concerns unknown processing of the file /etc/boa.conf in its Web Interface component. Although rated lower, it also presents a risk of least privilege violation and can be exploited remotely, though it too demands a high level of complexity.
All three disclosed vulnerabilities share a common characteristic: they can be exploited remotely and result in a least privilege violation. The affected components vary (the Web Interface, Boa Webserver, and vsftpd), indicating potential weaknesses in how these services handle configuration files or process user input.
Details regarding specific patches or firmware updates that address these vulnerabilities were not immediately available at the time of disclosure. Users of the affected D-Link devices are advised to monitor D-Link's official support channels for any security advisories or firmware updates. The disclosure of these vulnerabilities highlights the ongoing need for vigilance in securing network infrastructure, even with flaws that require complex exploitation.
Given the nature of these vulnerabilities, which allow for remote exploitation and privilege escalation, it is crucial for organizations and individuals using the affected D-Link models to stay informed about potential patches. The simultaneous disclosure suggests a coordinated reporting or discovery process, emphasizing the importance of timely vendor responses to security concerns.