CVE-2026-11497 | A vulnerability has been found in D-Link DCS-5615 1.01.00. A… | CVSS 5.3 MEDIUM

Description

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Metadata

CVE ID: CVE-2026-11497
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-07 13:18 UTC
Published: 2026-06-08 06:30 UTC
Last updated: 2026-06-09 14:51 UTC
Primary CWE: CWE-272
Least Privilege Violation
Vendor / Product: D-Link / DCS-5615
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
D-Link	DCS-5615	—	1.01.00

Weakness (CWE)

CWE	Source	Description
CWE-266	cna	Incorrect Privilege Assignment
CWE-272	cna	Least Privilege Violation

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
5.3	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
5.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

References (6)

VDB-369117 | D-Link DCS-5615 Boa Webserver boa.conf least privilege violation https://vuldb.com/vuln/369117
VDB-369117 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/369117/cti
CVE-2026-11497 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-11497
Submit #834823 | D-link DCS-5615 1.01.00 Misconfiguration https://vuldb.com/submit/834823
https://www.notion.so/D-link-DCS-5615_REV_1-01-00-3670ed14e5cb80e9be78f7d8dbf1e789?source=copy_link
https://www.dlink.com/