Least Privilege Violation in D-Link DIR-823G Web Interface
CVE-2026-15270
7.7HIGH
Key Information:
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2026-15270?
A vulnerability exists in the D-Link DIR-823G router's web interface, specifically in the /etc/boa/boa.conf file, which can be exploited via remote manipulation. This weakness may allow attackers to bypass privilege restrictions, potentially leading to unauthorized actions within the device. Although public exploits are available, executing a successful attack requires a high level of technical complexity.
Affected Version(s)
DIR-823G 1.0.2B05_20181207
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
L-14 (VulDB User)