Least Privilege Violation in D-Link DIR-823G Web Interface
CVE-2026-15270

7.7HIGH

Key Information:

Vendor

D-link

Status
Vendor
CVE Published:
9 July 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-15270?

A vulnerability exists in the D-Link DIR-823G router's web interface, specifically in the /etc/boa/boa.conf file, which can be exploited via remote manipulation. This weakness may allow attackers to bypass privilege restrictions, potentially leading to unauthorized actions within the device. Although public exploits are available, executing a successful attack requires a high level of technical complexity.

Affected Version(s)

DIR-823G 1.0.2B05_20181207

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

L-14 (VulDB User)
.