7.5
CVE-2026-15270
- EPSS -
- Veröffentlicht 09.07.2026 19:45:08
- Zuletzt bearbeitet 09.07.2026 20:16:28
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
D-link DIR-823G Web boa.conf least privilege violation
A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is an unknown functionality of the file /etc/boa/boa.conf of the component Web Interface. Executing a manipulation can lead to least privilege violation. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been made available to the public and could be used for attacks.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerD-link
≫
Produkt
DIR-823G
Version
1.0.2B05_20181207
Status
affected
VulnDex Vulnerability Enrichment
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 6.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 7.1 | 3.9 | 10 |
AV:N/AC:H/Au:S/C:C/I:C/A:C
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-272 Least Privilege Violation
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
https://www.dlink.com/
https://vuldb.com/vuln/377213
https://vuldb.com/vuln/377213/cti
https://vuldb.com/cve/CVE-2026-15270
https://vuldb.com/submit/852314
https://app.notion.com/p/DIR823G-V1-0-2B05_20181207-37a1f5ba989080f2a043c60d2cfc7499?source=copy_link