D-Link DIR-823G vsftpd vsftpd.conf least privilege violation
CVE-2026-11492

5.3MEDIUM

Key Information:

Vendor: D-link
Status: Dir-823g
Vendor: CVE Published:; 8 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-11492?

A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in least privilege violation. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

Affected Version(s)

DIR-823G 1.0.2B05

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-11492 - Proof of Concept

References

https://vuldb.com/vuln/369112

vdb-entry

https://vuldb.com/vuln/369112/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-11492

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 8, 2026
👾
Exploit known to exist
Jun 8, 2026
Vulnerability published
Jun 8, 2026
Vulnerability Reserved
Jun 7, 2026

Credit

L-14 (VulDB User)

CVE-2026-11492 Data

JSON

D-link

Badges

What is CVE-2026-11492?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit